Pentaho Business Analytics Server is a comprehensive business intelligence and data integration platform. It provides tools for data analysis, reporting, dashboarding, and data mining. The server enables organizations to transform raw data into actionable insights through its user-friendly interface and powerful analytics capabilities.

Pentaho Business Analytics Server


Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds.  



CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2022-4815	HIGH	8.8	Pentaho Business Analytics Server	cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server	No	Yes	May 24, 2023
CVE-2022-4771	MEDIUM	6.1	Pentaho Business Analytics Server	cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server	No	Yes	Apr 03, 2023
CVE-2023-1158	MEDIUM	4.3	Pentaho Business Analytics Server	cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server	No	Yes	May 24, 2023
CVE-2022-4770	MEDIUM	4.3	Pentaho Business Analytics Server	cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server	No	Yes	Apr 03, 2023
CVE-2022-4769	MEDIUM	4.3	Pentaho Business Analytics Server	cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server	No	Yes	Apr 03, 2023

CVE-2022-43771:
Pentaho Business Analytics Server vulnerability analysis and mitigation

6.5

Related Pentaho Business Analytics Server vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2022-43771: Pentaho Business Analytics Server vulnerability analysis and mitigation