ID
VAR-202305-2304
CVE
CVE-2022-4815
TITLE
Hitachi Vantara's Vantara Pentaho and Pentaho Business Analytics Untrusted Data Deserialization Vulnerability in
Trust: 0.8
sources:
JVNDB: JVNDB-2022-024892
DESCRIPTION
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods. (DoS) It may be in a state
Trust: 1.71
sources:
NVD: CVE-2022-4815 //
JVNDB: JVNDB-2022-024892 //
VULMON: CVE-2022-4815
AFFECTED PRODUCTS
| vendor: | hitachi | model: | vantara pentaho business analytics server | scope: | gte | version: | 9.3.0.0 | Trust: 1.0 |
| vendor: | hitachi | model: | vantara pentaho business analytics server | scope: | eq | version: | 9.4.0.0 | Trust: 1.0 |
| vendor: | hitachi | model: | vantara pentaho | scope: | lte | version: | 8.3.0.25 | Trust: 1.0 |
| vendor: | hitachi | model: | vantara pentaho business analytics server | scope: | lte | version: | 9.3.0.3 | Trust: 1.0 |
| vendor: | hitachi | model: | vantara pentaho | scope: | gte | version: | 8.3.0.0 | Trust: 1.0 |
| vendor: | 日立ヴァンタラ | model: | vantara pentaho | scope: | eq | version: | 8.3.0.0 to 8.3.0.25 | Trust: 0.8 |
| vendor: | 日立ヴァンタラ | model: | pentaho business analytics | scope: | - | version: | - | Trust: 0.8 |
sources:
JVNDB: JVNDB-2022-024892 //
NVD: CVE-2022-4815
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
JVNDB: JVNDB-2022-024892 //
CNNVD: CNNVD-202305-2168 //
NVD: CVE-2022-4815 //
NVD: CVE-2022-4815
PROBLEMTYPE DATA
| problemtype: | CWE-502 | Trust: 1.0 |
| problemtype: | Deserialization of untrusted data (CWE-502) [NVD evaluation ] | Trust: 0.8 |
sources:
JVNDB: JVNDB-2022-024892 //
NVD: CVE-2022-4815
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202305-2168
TYPE
code problem
Trust: 0.6
sources:
CNNVD: CNNVD-202305-2168
PATCH
| title: | (Resolved) Pentaho BA Server - Deserialization of Untrusted Data - Versions before 9.4.0.1 and 9.3.0.3, including 8.3.x Impacted (CVE-2022-4815) | url: | https://support.pentaho.com/hc/en-us/articles/14455879270285-IMPORTANT-Resolved-Pentaho-BA-Server-Deserialization-of-Untrusted-Data-Versions-before-9-4-0-1-and-9-3-0-3-including-8-3-x-Impacted-CVE-2022-4815- | Trust: 0.8 |
| title: | Hitachi Vantara Pentaho Business Analytics Server Fixes for code issue vulnerabilities | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=240065 | Trust: 0.6 |
sources:
JVNDB: JVNDB-2022-024892 //
CNNVD: CNNVD-202305-2168
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-4815 | Trust: 3.3 |
| db: | JVNDB | id: | JVNDB-2022-024892 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202305-2168 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2022-4815 | Trust: 0.1 |
sources:
VULMON: CVE-2022-4815 //
JVNDB: JVNDB-2022-024892 //
CNNVD: CNNVD-202305-2168 //
NVD: CVE-2022-4815
REFERENCES
| url: | https://support.pentaho.com/hc/en-us/articles/14455879270285-important-resolved-pentaho-ba-server-deserialization-of-untrusted-data-versions-before-9-4-0-1-and-9-3-0-3-including-8-3-x-impacted-cve-2022-4815- | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-4815 | Trust: 0.8 |
| url: | https://cxsecurity.com/cveshow/cve-2022-4815/ | Trust: 0.6 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
sources:
VULMON: CVE-2022-4815 //
JVNDB: JVNDB-2022-024892 //
CNNVD: CNNVD-202305-2168 //
NVD: CVE-2022-4815
SOURCES
| db: | VULMON | id: | CVE-2022-4815 |
| db: | JVNDB | id: | JVNDB-2022-024892 |
| db: | CNNVD | id: | CNNVD-202305-2168 |
| db: | NVD | id: | CVE-2022-4815 |
LAST UPDATE DATE
2024-08-14T14:54:46.051000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2022-4815 | date: | 2023-05-25T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-024892 | date: | 2024-01-24T04:40:00 |
| db: | CNNVD | id: | CNNVD-202305-2168 | date: | 2023-06-02T00:00:00 |
| db: | NVD | id: | CVE-2022-4815 | date: | 2023-06-01T15:45:06.507 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2022-4815 | date: | 2023-05-24T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-024892 | date: | 2024-01-24T00:00:00 |
| db: | CNNVD | id: | CNNVD-202305-2168 | date: | 2023-05-24T00:00:00 |
| db: | NVD | id: | CVE-2022-4815 | date: | 2023-05-24T22:15:09 |