CVE-2022-4815 Information

May 25, 2023 cve

Description

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3 including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods.

Reference

https://support.pentaho.com/hc/en-us/articles/14455879270285-IMPORTANT-Resolved-Pentaho-BA-Server-Deserialization-of-Untrusted-Data-Versions-before-9-4-0-1-and-9-3-0-3-including-8-3-x-Impacted-CVE-2022-4815-

Share on: