CVE-2022-43941 Information

Description

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2 including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference.

Reference

https://support.pentaho.com/hc/en-us/articles/14456719346957–Resolved-Pentaho-BA-Server-Improper-Restriction-of-XML-External-Entity-Reference-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43940-CVE-2022-43941-