CVE-2022-43769 PoC: Hitachi Vantara Pentaho Business Analytics Server Code Injection Vulnerability

Source
Associated Vulnerability
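Title: Hitachi Vantara Pentaho Business Analytics Server Code Injection Vulnerability (CVE-2022-43769)
Description: Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration and business analytics platform from Hitachi, Ltd. of Japan. Hitachi Vantara Pentaho Business Analytics Server has a code injection vulnerability, which stems from allowing certain web services to set property values containing Spring templates that are interpreted downstream.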
Description
Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby potentially enabling an attacker to execute malware, obtain sensitive information, modify data, and/or perform unauthorized operations without entering necessary credentials.
File Snapshot

id: CVE-2022-43769 info: name: Hitachi Pentaho Business Analytics Server - Remote Code Execution ...