CVE-2022-4769

Name of the Vulnerable Software and Affected Versions Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.0 Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.3.0.2 Hitachi Vantara Pentaho Business Analytics Server version 8.3.x

Description The issue is related to the display of the target path on the host when a file is uploaded with an invalid character in its name. This can potentially allow a remote attacker to gain unauthorized access to protected information due to weaknesses in the error reporting mechanism.

Recommendations For versions prior to 9.4.0.0, update to version 9.4.0.0 or later. For versions prior to 9.3.0.2, update to version 9.3.0.2 or later. For version 8.3.x, consider upgrading to a newer version to mitigate the risk, as this version is affected. As a temporary workaround, consider restricting file uploads with invalid characters in their names until a patch is available.