CVE-2022-43939 is a vulnerability in Hitachi Vantara Pentaho Business Analytics Server
Published on April 3, 2023

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x, enforce security restrictions that can be circumvented by using non-canonical URLs.

Vendor Advisory, NVD

Known Exploited Vulnerability

This Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Hitachi Vantara Pentaho BA Server makes authorization decisions on non-canonical URL paths, which enables an attacker to bypass authorization.
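As an added illustration of the weakness class named above (example code, not from Pentaho or the advisory), the snippet below applies a hypothetical path-prefix authorization rule to the canonical form of the request path instead of the raw string; the rule set and the sample paths are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

# Hypothetical rule set (assumption): anything under /admin needs the "admin" role.
PROTECTED_PREFIXES = ("/admin",)
MAX_DECODE_ROUNDS = 3  # bound on repeated percent-decoding


def canonicalize(path: str) -> str:
    """Return a single canonical form of a URL path.

    Percent-decode until stable (bounded), reject NUL bytes, collapse repeated
    slashes, resolve '.' and '..' segments and drop any trailing slash.
    """
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise ValueError("path still percent-encoded after decode limit")
    if "\x00" in path:
        raise ValueError("NUL byte in path")
    path = re.sub(r"/+", "/", path)
    if not path.startswith("/"):
        path = "/" + path
    # normpath resolves '.' and '..'; with a leading '/' it cannot climb above root.
    return posixpath.normpath(path)


def is_protected(path: str) -> bool:
    """Prefix rule exactly as a naive filter applies it to whatever string it gets."""
    return any(path == p or path.startswith(p + "/") for p in PROTECTED_PREFIXES)


def authorize(raw_path: str, roles: set) -> bool:
    """Decide on the canonical path, so encoded or dotted spellings match the rule."""
    if is_protected(canonicalize(raw_path)):
        return "admin" in roles
    return True


if __name__ == "__main__":
    # Constructed non-canonical spellings of /admin/users (sample input, not from the advisory).
    for raw in ("/public/../admin/users", "/%61dmin/users", "//admin//users/"):
        print(f"{raw:26} raw_rule={is_protected(raw)!s:5} "
              f"canonical={canonicalize(raw)} anon_allowed={authorize(raw, set())}")
```

The raw-string rule misses every variant while the canonical-path rule catches them all, which is the check a fix for this weakness class has to make before any authorization decision.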

The following remediation steps are recommended or required by March 24, 2025: apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Vulnerability Analysis

CVE-2022-43939 can be exploited with network access and requires neither privileges nor user interaction. The attack complexity is rated low, and the exploitability score is the highest possible (3.9). The potential impact of exploitation is considered critical, since the vulnerability has a high impact on the confidentiality, integrity and availability of this component.


Products Associated with CVE-2022-43939


What versions of Vantara Pentaho Business Analytics Server are vulnerable to CVE-2022-43939?