Unrestricted JSON Deserialization Vulnerability in Hitachi Vantara Pentaho Business Analytics Server

CVE-2022-4815 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods.
