CVE-2022-43939
| CVE Published | 2023-04-03 |
|---|---|
| Related CWE(s) | CWE-647: Use of Non-Canonical URL Paths for Authorization Decisions |
| Related Vendor(s) | hitachi |
| Related Product(s) | vantara_pentaho_business_analytics_server |
| Exploitation Reported (CISA KEV) | 2025-03-03 |
| CVSS 3 Base Score | 9.8 (CRITICAL) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | NETWORK |
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph