Template Injection Vulnerability in Hitachi Vantara Pentaho Business Analytics Server

Template Injection Vulnerability in Hitachi Vantara Pentaho Business Analytics Server

CVE-2022-43769 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream. 

Learn more about our Web App Pen Testing.