CVE-2022-4771

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables. 
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:9.4.0.0:*:*:*:*:*:*:*

History

07 Nov 2023, 03:58

Type Values Removed Values Added
Summary Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables. Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables. 

10 Apr 2023, 17:03

Type Values Removed Values Added
References (MISC) https://support.pentaho.com/hc/en-us/articles/14455436088717--Resolved-Pentaho-BA-Server-Improper-Neutralization-of-Input-During-Web-Page-Generation-Cross-site-Scripting-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-4771- - (MISC) https://support.pentaho.com/hc/en-us/articles/14455436088717--Resolved-Pentaho-BA-Server-Improper-Neutralization-of-Input-During-Web-Page-Generation-Cross-site-Scripting-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-4771- - Vendor Advisory
First Time Hitachi
Hitachi vantara Pentaho Business Analytics Server
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CWE CWE-79
CPE cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:9.4.0.0:*:*:*:*:*:*:*

03 Apr 2023, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-04-03 19:15

Updated : 2023-12-10 15:01


NVD link : CVE-2022-4771

Mitre link : CVE-2022-4771

CVE.ORG link : CVE-2022-4771


JSON object : View

Products Affected

hitachi

  • vantara_pentaho_business_analytics_server
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')