1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability

Known Exploited Vulnerabilities CVE-2022-43769

Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, allowing for arbitrary command execution.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability exploitation_technique T1203 Exploitation for Client Execution
Comments
Attackers can use Server-Side Template Injection with a Thymeleaf template to inject malicious code.. When chained with CVE-2022-43939, can lead to unauthorized code execution.
References
  1. https://www.rapid7.com/db/modules/exploit/multi/http/pentaho_business_server_authbypass_and_ssti/
CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
Attackers can use Server-Side Template Injection with a Thymeleaf template to inject malicious code.. When chained with CVE-2022-43939, can lead to unauthorized code execution.
References
  1. https://www.rapid7.com/db/modules/exploit/multi/http/pentaho_business_server_authbypass_and_ssti/