Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2025/02/06 1:51 a.m.13 views

CVE-2022-43769

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream...

8.8CVSS6.6AI score0.9767EPSS
Exploits6References1
Metasploit
Metasploit
added 2023/05/11 7:50 p.m.665 views

Pentaho Business Server Auth Bypass and Server Side Template Injection RCE

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is vulnerable to an authentication bypass CVE-2022-43939 and a Server Side Template Injection SSTI vulnerability CVE-2022-43769 that can be chained together to achieve unauthenticated code...

9.8CVSS9.1AI score0.9767EPSS
Exploits7
Packet Storm
Packet Storm
added 2023/05/11 12:0 a.m.403 views

Pentaho Business Server Authentication Bypass / SSTI / Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pentaho Business Server Auth Bypass and Server Side Template Injection RCE', 'Description' = %q Hitachi Vantara Pentaho Business Analytics Server...

9.8CVSS8.5AI score0.9767EPSS
Exploits7
Exploit DB
Exploit DB
added 2023/04/08 12:0 a.m.354 views

Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution RCE Unauthenticated Author: dwbzn Date: 2022-04-04 Vendor: https://www.hitachivantara.com/ Software Link: https://www.hitachivantara.com/en-us/products/lumada-dataops/data-integration-analytics/download-pentaho.html Version:...

9.8CVSS8.4AI score0.9767EPSS
Exploits7
Packet Storm
Packet Storm
added 2023/04/05 12:0 a.m.257 views

Pentaho BA Server EE 9.3.0.0-428 Server-Side Template Injection / Remote Code Execution

Title: Pentaho BA Server EE 9.3.0.0-428 - RCE via Server-Side Template Injection Unauthenticated Author: dwbzn Date: 2022-04-04 Vendor: https://www.hitachivantara.com/ Software Link: https://www.hitachivantara.com/en-us/products/lumada-dataops/data-integration-analytics/download-pentaho.html...

8.4AI score0.9767EPSS
Exploits7
0day.today
0day.today
added 2023/04/05 12:0 a.m.248 views

Pentaho BA Server EE 9.3.0.0-428 Server-Side Template Injection / Remote Code Execution

Pentaho BA Server EE version 9.3.0.0-428 suffers from a remote code execution vulnerability via a server-side template injection flaw. Title: Pentaho BA Server EE 9.3.0.0-428 - RCE via Server-Side Template Injection Unauthenticated Author: dwbzn Vendor: https://www.hitachivantara.com/ Software...

9.8CVSS9.2AI score0.9767EPSS
Exploits7
Circl
Circl
added 2023/04/03 10:25 p.m.10 views

CVE-2022-43769

creationtimestamp| type| source ---|---|--- 2023-04-03 22:25:06+00:00| seen| https://t.me/cibsecurity/61355 2023-04-08 20:04:44+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/8078 2023-05-11 14:42:41+00:00| seen|...

8.8CVSS7.4AI score0.9767EPSS
Exploits6References21
OSV
OSV
added 2023/04/03 6:15 p.m.3 views

CVE-2022-43769

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream...

7.2CVSS5.8AI score0.9767EPSS
Exploits6References3
Vulnrichment
Vulnrichment
added 2023/04/03 5:47 p.m.9 views

CVE-2022-43769 Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream...

8.8CVSS9AI score0.9767EPSS
Exploits6References2
Cvelist
Cvelist
added 2023/04/03 5:47 p.m.34 views

CVE-2022-43769 Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream...

8.8CVSS9.2AI score0.9767EPSS
Exploits6References2
CVE
CVE
added 2023/04/03 5:47 p.m.265 views

CVE-2022-43769

Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.2 (including 8.3.x) are affected by CVE-2022-43769: a server-side template injection that can lead to remote code execution by injecting Spring templates into properties. Impact is unauthenticated command execut...

8.8CVSS8AI score0.9767EPSS
In wildExploits6References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/04/03 12:0 a.m.15 views

CVE-2022-43769

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream. Recent assessments: gwillcox-r7 at May 10, 2023 5:31pm UTC reported: This is a...

9.8CVSS8.6AI score0.9767EPSS
In wildExploits7References3
Rows per page
Query Builder