CVE-2022-43938

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager. 
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:9.4.0.0:*:*:*:*:*:*:*

History

07 Nov 2023, 03:54

Type Values Removed Values Added
Summary Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager. Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager. 

10 Apr 2023, 17:59

Type Values Removed Values Added
CWE CWE-94
CPE cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:9.4.0.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
First Time Hitachi
Hitachi vantara Pentaho Business Analytics Server
References (MISC) https://support.pentaho.com/hc/en-us/articles/14454630725645--Resolved-Pentaho-BA-Server-Improper-Neutralization-of-Directives-in-Statically-Saved-Code-Static-Code-Injection-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43938- - (MISC) https://support.pentaho.com/hc/en-us/articles/14454630725645--Resolved-Pentaho-BA-Server-Improper-Neutralization-of-Directives-in-Statically-Saved-Code-Static-Code-Injection-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43938- - Vendor Advisory

03 Apr 2023, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-04-03 19:15

Updated : 2023-12-10 15:01


NVD link : CVE-2022-43938

Mitre link : CVE-2022-43938

CVE.ORG link : CVE-2022-43938


JSON object : View

Products Affected

hitachi

  • vantara_pentaho_business_analytics_server
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE-96

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')