PT-2023-15592 · Hitachi Vantara · Pentaho Business Analytics Server

Clarence Liau

Published: 2023-05-24 · Updated: 2023-06-01 · CVE-2022-4815

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Pentaho Business Analytics Server versions prior to 9.4.0.1
Pentaho Business Analytics Server versions prior to 9.3.0.3
Pentaho Business Analytics Server version 8.3.x

Description

The issue concerns the deserialization of untrusted JSON data without proper constraints on the parser, allowing it to access unapproved classes and methods.

Recommendations

For versions prior to 9.4.0.1, update to version 9.4.0.1 or later.
For versions prior to 9.3.0.3, update to version 9.3.0.3 or later.
For version 8.3.x, consider upgrading to a newer version that includes the necessary security fixes, as version 8.3.x is affected.

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related identifiers

CVE-2022-4815

Affected products

Pentaho Business Analytics Server