1. Home
  2. CVE Database
  3. CVE-2022-43770
MEDIUM · 5.4

CVE-2022-43770

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API.   

Vulnerability Description

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API.   

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
LOW

Affected Products

VendorProductVersions
HitachivantaraPentaho Business Analytics< 8.3.0.27

Related Weaknesses (CWE)

CWE-863

References

FAQ

What is CVE-2022-43770?

CVE-2022-43770 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API.   

How severe is CVE-2022-43770?

CVE-2022-43770 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-43770?

Check the references section above for vendor advisories and patch information. Affected products include: Hitachivantara Pentaho Business Analytics.