HIGH🇬🇧 English

CVE-2022-4815

CVSS 8.0v3.1pub. 2023-05-24upd. 2024-11-21

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods. 

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  • Hitachi Vantara Pentaho

    APP
    Hitachi
    8.3.0.0 – 8.3.0.25
  • Hitachi Vantara Pentaho Business Analytics Server

    APP
    Hitachi
    9.4.0.09.3.0.0 – 9.3.0.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Deserialization
CWE
Referencje

Powiązane podatności

CVE-2021-34684CRITICAL9.8ten sam produkt

Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL...

CVE-2022-43769HIGH8.8⚠ KEVten sam produkt

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow...

CVE-2022-43939HIGH8.6⚠ KEVten sam produkt

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain...

CVE-2022-43938HIGH8.8ten sam produkt

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cann...

CVE-2022-43773HIGH8.8ten sam produkt

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is i...