dwbzn

6 exploits Active since Apr 2023
CVE-2022-43769 METASPLOIT HIGH ruby WORKING POC
Pentaho Business Server Auth Bypass and Server Side Template Injection RCE
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.
CVSS 8.8
CVE-2022-43769 VULNCHECK_XDB HIGH WORKING POC
Pentaho Business Server Auth Bypass and Server Side Template Injection RCE
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.
CVSS 8.8
CVE-2022-43939 VULNCHECK_XDB HIGH WORKING POC
Hitachi Vantara Pentaho <9.4.0.1-9.3.0.2 - SSRF
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.
CVSS 8.6
CVE-2022-43769 EXPLOITDB HIGH WORKING POC
Pentaho Business Server Auth Bypass and Server Side Template Injection RCE
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.
CVSS 8.8
CVE-2022-43939 METASPLOIT HIGH ruby WORKING POC
Hitachi Vantara Pentaho <9.4.0.1-9.3.0.2 - SSRF
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.
CVSS 8.6
CVE-2022-43939 EXPLOITDB HIGH text WORKING POC
Hitachi Vantara Pentaho <9.4.0.1-9.3.0.2 - SSRF
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.
CVSS 8.6