Lucene search
K

9 matches found

Metasploit
Metasploit
added 2023/05/11 7:50 p.m.665 views

Pentaho Business Server Auth Bypass and Server Side Template Injection RCE

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is vulnerable to an authentication bypass CVE-2022-43939 and a Server Side Template Injection SSTI vulnerability CVE-2022-43769 that can be chained together to achieve unauthenticated code...

9.8CVSS9.1AI score0.9767EPSS
Exploits7
Packet Storm
Packet Storm
added 2023/05/11 12:0 a.m.403 views

Pentaho Business Server Authentication Bypass / SSTI / Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pentaho Business Server Auth Bypass and Server Side Template Injection RCE', 'Description' = %q Hitachi Vantara Pentaho Business Analytics Server...

9.8CVSS8.5AI score0.9767EPSS
Exploits7
Exploit DB
Exploit DB
added 2023/04/08 12:0 a.m.355 views

Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution RCE Unauthenticated Author: dwbzn Date: 2022-04-04 Vendor: https://www.hitachivantara.com/ Software Link: https://www.hitachivantara.com/en-us/products/lumada-dataops/data-integration-analytics/download-pentaho.html Version:...

9.8CVSS8.4AI score0.9767EPSS
Exploits7
Packet Storm
Packet Storm
added 2023/04/05 12:0 a.m.257 views

Pentaho BA Server EE 9.3.0.0-428 Server-Side Template Injection / Remote Code Execution

Title: Pentaho BA Server EE 9.3.0.0-428 - RCE via Server-Side Template Injection Unauthenticated Author: dwbzn Date: 2022-04-04 Vendor: https://www.hitachivantara.com/ Software Link: https://www.hitachivantara.com/en-us/products/lumada-dataops/data-integration-analytics/download-pentaho.html...

8.4AI score0.9767EPSS
Exploits7
0day.today
0day.today
added 2023/04/05 12:0 a.m.248 views

Pentaho BA Server EE 9.3.0.0-428 Server-Side Template Injection / Remote Code Execution

Pentaho BA Server EE version 9.3.0.0-428 suffers from a remote code execution vulnerability via a server-side template injection flaw. Title: Pentaho BA Server EE 9.3.0.0-428 - RCE via Server-Side Template Injection Unauthenticated Author: dwbzn Vendor: https://www.hitachivantara.com/ Software...

9.8CVSS9.2AI score0.9767EPSS
Exploits7
Circl
Circl
added 2023/04/03 10:24 p.m.9 views

CVE-2022-43939

creationtimestamp| type| source ---|---|--- 2023-04-03 22:24:51+00:00| seen| https://t.me/cibsecurity/61345 2023-04-08 20:04:44+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/8078 2023-05-11 14:42:41+00:00| seen|...

9.8CVSS7.1AI score0.92266EPSS
In wildExploits6References13
Cvelist
Cvelist
added 2023/04/03 6:10 p.m.33 views

CVE-2022-43939 Hitachi Vantara Pentaho Business Analytics Server - Use of Non-Canonical URL Paths for Authorization Decisions

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented...

8.6CVSS9.8AI score0.92266EPSS
Exploits6References2
CVE
CVE
added 2023/04/03 6:10 p.m.221 views

CVE-2022-43939

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2 (including 8.3.x) suffer from an authentication- bypass vulnerability due to security restrictions that use non-canonical URL paths. This CVE (CVE-2022-43939) allows bypassing authorization decisions for certain...

9.8CVSS9.2AI score0.92266EPSS
In wildExploits6References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/04/03 12:0 a.m.15 views

CVE-2022-43939

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. Recent assessments: gwillcox-r7 at May 10, 2023 5:02pm UTC reported: This is an authentication bypass in Hitachi...

9.8CVSS7.6AI score0.9767EPSS
In wildExploits7References3
Rows per page
Query Builder