Unrated severity · CISA KEV · NVD Advisory · Published Apr 3, 2023 · Updated Oct 21, 2025
Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
CVE-2022-43769
Description
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x, allow certain web services to set property values that contain Spring templates, which are then interpreted downstream.
Affected products
- Range: <9.4.0.1 and <9.3.0.2, including 8.3.x
- Range: 1.0
References
- packetstormsecurity.com/files/172296/Pentaho-Business-Server-Authentication-Bypass-SSTI-Code-Execution.html (mitre)
- support.pentaho.com/hc/en-us/articles/14455561548301--Resolved-Pentaho-BA-Server-Failure-to-Sanitize-Special-Elements-into-a-Different-Plane-Special-Element-Injection-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43769- (mitre)