12 matches found
CVE-2022-43769
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream...
Pentaho Business Server Auth Bypass and Server Side Template Injection RCE
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is vulnerable to an authentication bypass CVE-2022-43939 and a Server Side Template Injection SSTI vulnerability CVE-2022-43769 that can be chained together to achieve unauthenticated code...
Pentaho Business Server Authentication Bypass / SSTI / Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pentaho Business Server Auth Bypass and Server Side Template Injection RCE', 'Description' = %q Hitachi Vantara Pentaho Business Analytics Server...
Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution RCE Unauthenticated Author: dwbzn Date: 2022-04-04 Vendor: https://www.hitachivantara.com/ Software Link: https://www.hitachivantara.com/en-us/products/lumada-dataops/data-integration-analytics/download-pentaho.html Version:...
Pentaho BA Server EE 9.3.0.0-428 Server-Side Template Injection / Remote Code Execution
Title: Pentaho BA Server EE 9.3.0.0-428 - RCE via Server-Side Template Injection Unauthenticated Author: dwbzn Date: 2022-04-04 Vendor: https://www.hitachivantara.com/ Software Link: https://www.hitachivantara.com/en-us/products/lumada-dataops/data-integration-analytics/download-pentaho.html...
Pentaho BA Server EE 9.3.0.0-428 Server-Side Template Injection / Remote Code Execution
Pentaho BA Server EE version 9.3.0.0-428 suffers from a remote code execution vulnerability via a server-side template injection flaw. Title: Pentaho BA Server EE 9.3.0.0-428 - RCE via Server-Side Template Injection Unauthenticated Author: dwbzn Vendor: https://www.hitachivantara.com/ Software...
CVE-2022-43769
creationtimestamp| type| source ---|---|--- 2023-04-03 22:25:06+00:00| seen| https://t.me/cibsecurity/61355 2023-04-08 20:04:44+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/8078 2023-05-11 14:42:41+00:00| seen|...
CVE-2022-43769
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream...
CVE-2022-43769 Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream...
CVE-2022-43769 Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream...
CVE-2022-43769
Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.2 (including 8.3.x) are affected by CVE-2022-43769: a server-side template injection that can lead to remote code execution by injecting Spring templates into properties. Impact is unauthenticated command execut...
CVE-2022-43769
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream. Recent assessments: gwillcox-r7 at May 10, 2023 5:31pm UTC reported: This is a...