SQL Injection Vulnerability in Hitachi Vantara Pentaho Business Analytics Server
CVE-2022-4770 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt).
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.