CVE-2022-43940

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service. 
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:9.4.0.0:*:*:*:*:*:*:*

History

07 Nov 2023, 03:54

Type Values Removed Values Added
Summary Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service. Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service. 

10 Apr 2023, 17:57

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CWE CWE-863
First Time Hitachi
Hitachi vantara Pentaho Business Analytics Server
CPE cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:9.4.0.0:*:*:*:*:*:*:*
References (MISC) https://support.pentaho.com/hc/en-us/articles/14456609400973--Resolved-Pentaho-BA-Server-Incorrect-Authorization-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43940- - (MISC) https://support.pentaho.com/hc/en-us/articles/14456609400973--Resolved-Pentaho-BA-Server-Incorrect-Authorization-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43940- - Vendor Advisory

03 Apr 2023, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-04-03 19:15

Updated : 2023-12-10 15:01


NVD link : CVE-2022-43940

Mitre link : CVE-2022-43940

CVE.ORG link : CVE-2022-43940


JSON object : View

Products Affected

hitachi

  • vantara_pentaho_business_analytics_server
CWE
CWE-863

Incorrect Authorization