8.8
CVE-2022-4815
- EPSS 0.51%
- Veröffentlicht 24.05.2023 22:15:09
- Zuletzt bearbeitet 21.11.2024 07:35:59
- Quelle security.vulnerabilities@hitac
- CVE-Watchlists
- Unerledigt
LoginHitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hitachi ≫ Vantara Pentaho Version >= 8.3.0.0 <= 8.3.0.25
Hitachi ≫ Vantara Pentaho Business Analytics Server Version >= 9.3.0.0 <= 9.3.0.3
Hitachi ≫ Vantara Pentaho Business Analytics Server Version9.4.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.51% | 0.655 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| security.vulnerabilities@hitachivantara.com | 8 | 2.1 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.