PT-2023-2238 · Hitachi Vantara · Pentaho Business Analytics Server

Published: 2023-04-03 · Updated: 2025-10-08 · CVE-2022-43939

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x

Description: The authorization mechanism makes its access decisions on non-canonical URL paths, so those checks can be circumvented. This can allow a remote attacker to elevate their privileges. The vulnerability is being actively exploited.

Recommendations: For versions before 9.4.0.1 and 9.3.0.2, including 8.3.x, update to a version that contains the security fix, such as 9.4.0.1 or 9.3.0.2, to prevent exploitation of this issue. As a temporary workaround, consider restricting access to non-canonical URLs to reduce the risk of exploitation.

Related Identifiers

BDU:2023-01993
CVE-2022-43939

Affected Products

Pentaho Business Analytics Server