Unrestricted JSON Deserialization Vulnerability in Hitachi Vantara Pentaho Business Analytics Server
CVE-2022-4815 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods.
Learn more about our Cis Benchmark Audit For Server Software.