Authorization Bypass in Hitachi Vantara Pentaho Business Analytics Server Dashboard Editor Plugin API

Authorization Bypass in Hitachi Vantara Pentaho Business Analytics Server Dashboard Editor Plugin API

CVE-2022-43770 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API.   

Learn more about our Cis Benchmark Audit For Server Software.