SQL Injection Vulnerability in Hitachi Vantara Pentaho Business Analytics Server

CVE-2022-4770 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt). 

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.