Known Exploited Vulnerabilities CVE-2022-43939

Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2022-43939 | Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | Due to a regex flaw, an attacker can use non-canonical URLs to bypass authentication. When chained with CVE-2022-43769, this can lead to unauthorized code execution. |
| CVE-2022-43939 | Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter | Due to a regex flaw, an attacker can use non-canonical URLs to bypass authentication. When chained with CVE-2022-43769, this can lead to unauthorized code execution. |