Description
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- network
- Complexity
- low
- Privileges
- low
- User Action
- none
- Scope
- unchanged
- Confidentiality
- high
- Integrity
- high
- Availability
- high
- Weaknesses
- CWE-74CWE-94
Metadata
- Primary Vendor
- HITACHI
- Published
- 4/3/2023
- Last Modified
- 10/24/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
hitachi : vantara_pentaho_business_analytics_serverhitachi : vantara_pentaho_business_analytics_server
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.