Out-of-Band XML External Entity Reference Vulnerability in Hitachi Vantara Pentaho Business Analytics Server

Out-of-Band XML External Entity Reference Vulnerability in Hitachi Vantara Pentaho Business Analytics Server

CVE-2022-43941 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference. 

Learn more about our Cis Benchmark Audit For Server Software.