PT-2023-2236 · Hitachi Vantara · Hitachi Vantara Pentaho Business Analytics Server

Published: 2023-04-03 · Updated: 2023-04-12 · CVE-2022-43773

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.2, including 8.3.x

Description: The issue is related to errors in permission assignment for files, which can allow a remote attacker to execute arbitrary code. The server is installed with a sample HSQLDB data source configured with stored procedures enabled.

Recommendations: For versions prior to 9.4.0.1, update to version 9.4.0.1 or later. For versions prior to 9.3.0.2, update to version 9.3.0.2 or later. For version 8.3.x, consider upgrading to a newer version that is not affected by this issue, such as version 9.3.0.2 or later.

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

BDU:2023-01991
CVE-2022-43773

Affected Products

Hitachi Vantara Pentaho Business Analytics Server