[CVE-2022-43939] Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability

SecurityDesk
2025.03.03 00:00 조회 5

CISA KEV 정보

취약점명Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
설명Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization.
조치사항Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
랜섬웨어 캠페인 악용Unknown
CWECWE-647
등록일 (KEV)2025-03-03
조치 기한2025-03-24
추가 참고https://support.pentaho.com/hc/en-us/articles/14455394120333--Resolved-Pentaho-BA-Server-Use-of-Non-Canonical-URL-Paths-for-Authorization-Decisions-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43939- ; https://nvd.nist.gov/vuln/detail/CVE-2022-43939

NVD 상세 정보

CVSS v3.1: 8.6 HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

설명: Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.

CWE: CWE-647

참조

This product uses the NVD API but is not endorsed or certified by the NVD.



바로 가기

← 목록으로 돌아가기

IT 도구 서랍

→ Unix: 2025-01-15T09:30:00
→ 날짜: 1736934600

→ ASCII: ABC
→ 문자: 65 66 67

ASCII 코드표 — 클릭하면 입력란에 추가

제어 문자 (0–31)

DecHex약어설명

출력 가능 문자 (32–126)

DecHex문자

확장 ASCII (128–255)

DecHex문자

→ 유니코드: 홍길동
→ 문자: \ud64d\uae38\ub3d9