CVE-2022-43769 Information

Description

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2 including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.

Reference

https://support.pentaho.com/hc/en-us/articles/14455561548301–Resolved-Pentaho-BA-Server-Failure-to-Sanitize-Special-Elements-into-a-Different-Plane-Special-Element-Injection-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43769-