CVE-2022-43941

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x, do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference.

Configurations

Configuration 1

OR cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:9.4.0.0:*:*:*:*:*:*:*

History

07 Nov 2023, 03:54

Type: Summary
Values Removed: Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference.
Values Added: Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference.

10 Apr 2023, 17:42

Type: CWE
Values Removed: (none)
Values Added: CWE-611

Type: CPE
Values Removed: (none)
Values Added:
cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:9.4.0.0:*:*:*:*:*:*:*

Type: References
Values Removed: (MISC) https://support.pentaho.com/hc/en-us/articles/14456719346957--Resolved-Pentaho-BA-Server-Improper-Restriction-of-XML-External-Entity-Reference-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43940-CVE-2022-43941- -
Values Added: (MISC) https://support.pentaho.com/hc/en-us/articles/14456719346957--Resolved-Pentaho-BA-Server-Improper-Restriction-of-XML-External-Entity-Reference-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43940-CVE-2022-43941- - Vendor Advisory

Type: CVSS
Values Removed: v2 : unknown, v3 : unknown
Values Added: v2 : unknown, v3 : 6.5

Type: First Time
Values Removed: (none)
Values Added:
Hitachi
Hitachi vantara Pentaho Business Analytics Server

03 Apr 2023, 19:15

Type: New CVE

Information

Published : 2023-04-03 19:15

Updated : 2023-12-10 15:01


NVD link : CVE-2022-43941

Mitre link : CVE-2022-43941

CVE.ORG link : CVE-2022-43941

Products Affected

hitachi

  • vantara_pentaho_business_analytics_server

CWE

CWE-611

Improper Restriction of XML External Entity Reference