HIGH🇵🇱 Wersja polska

CVE-2022-4815

CVSS 8.0v3.1pub. 2023-05-24upd. 2024-11-21

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods. 

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  • Hitachi Vantara Pentaho

    APP
    Hitachi
    8.3.0.0 – 8.3.0.25
  • Hitachi Vantara Pentaho Business Analytics Server

    APP
    Hitachi
    9.4.0.09.3.0.0 – 9.3.0.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Deserialization
CWE
References

Related vulnerabilities

CVE-2021-34684CRITICAL9.8ten sam produkt

Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL...

CVE-2022-43769HIGH8.8⚠ KEVten sam produkt

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow...

CVE-2022-43939HIGH8.6⚠ KEVten sam produkt

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain...

CVE-2022-43938HIGH8.8ten sam produkt

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cann...

CVE-2022-43773HIGH8.8ten sam produkt

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is i...