Hitachi Vantara · Pentaho Business Analytics Server · CVE-2022-4815
**Name of the Vulnerable Software and Affected Versions**
Pentaho Business Analytics Server versions prior to 9.4.0.1
Pentaho Business Analytics Server versions prior to 9.3.0.3
Pentaho Business Analytics Server version 8.3.x
**Description**
The issue is the deserialization of untrusted JSON data without proper constraints on the parser, which allows the parser to access unapproved classes and methods.
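The constraint this description refers to, sketched as an added example (not Pentaho code and not taken from the advisory): a JSON parser that instantiates only classes on an explicit allow-list. It uses Python's standard `json` module rather than Pentaho's Java parser; the `class` type-hint field, the `ReportRequest` and `Schedule` types, and the sample payloads are assumptions made for illustration.

```python
import json
from dataclasses import dataclass

TYPE_KEY = "class"  # assumed type-hint field name; not taken from the advisory

@dataclass
class ReportRequest:  # hypothetical application type
    name: str
    rows: int

@dataclass
class Schedule:  # hypothetical application type
    cron: str

# Explicit allow-list: type hint -> (class, permitted fields and their types).
ALLOWED = {
    "ReportRequest": (ReportRequest, {"name": str, "rows": int}),
    "Schedule": (Schedule, {"cron": str}),
}

class UnapprovedType(ValueError):
    """The payload names a type or field outside the allow-list."""

def _build(obj: dict):
    if TYPE_KEY not in obj:
        return obj  # plain data stays a dict; nothing is instantiated
    hint = obj[TYPE_KEY]
    # The hint is only ever a lookup key: no import or reflection on its value.
    if not isinstance(hint, str) or hint not in ALLOWED:
        raise UnapprovedType(f"type {hint!r} is not on the allow-list")
    cls, fields = ALLOWED[hint]
    args = {k: v for k, v in obj.items() if k != TYPE_KEY}
    if set(args) != set(fields):
        raise UnapprovedType(f"unexpected fields for {hint}: {sorted(args)}")
    for key, expected in fields.items():
        if type(args[key]) is not expected:  # strict: bool is not accepted as int
            raise UnapprovedType(f"{hint}.{key} must be {expected.__name__}")
    return cls(**args)

def safe_loads(text: str):
    """Parse JSON, instantiating only allow-listed classes."""
    return json.loads(text, object_hook=_build)

# Constructed sample payloads.
GOOD = '{"class": "ReportRequest", "name": "sales", "rows": 10}'
BAD = '{"class": "some.unapproved.Class", "arg": "x"}'

if __name__ == "__main__":
    print(safe_loads(GOOD))  # BAD would raise UnapprovedType
```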
**Recommendations**
For versions prior to 9.4.0.1, update to version 9.4.0.1 or later.
For versions prior to 9.3.0.3, update to version 9.3.0.3 or later.
Version 8.3.x is affected; consider upgrading to a newer version that includes the necessary security fixes.