Vulnerability Description
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hitachi | Vantara Pentaho Business Analytics Server | < 9.3.0.2 |
Related Weaknesses (CWE)
References
- https://support.pentaho.com/hc/en-us/articles/14456609400973--Resolved-Pentaho-BVendor Advisory
- https://support.pentaho.com/hc/en-us/articles/14456609400973--Resolved-Pentaho-BVendor Advisory
FAQ
What is CVE-2022-43940?
CVE-2022-43940 is a vulnerability with a CVSS score of 8.8 (HIGH). Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service.
How severe is CVE-2022-43940?
CVE-2022-43940 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-43940?
Check the references section above for vendor advisories and patch information. Affected products include: Hitachi Vantara Pentaho Business Analytics Server.