This vulnerability affects Hitachi Vantara’s Pentaho Business Analytics server, specifically versions prior to 9.4.0.1, 9.3.0.2, and all 8.3.x versions. CVE-2022-43939 is being actively exploited in real-world environments, with attackers using publicly available proof-of-concept (PoC) exploits to compromise vulnerable systems.
| Product | Hitachi Vantara |
| Date | 2025-03-05 10:30:30 |
| Information |
|
Technical Summary
CVE-2022-43939 is caused by the failure to properly normalize URL paths during authorization decisions. Consequently, an attacker can craft malicious URLs to bypass security restrictions, gaining unauthorized access. Furthermore, when combined with another vulnerability (CVE-2022-43769), the exploit chain can lead to unauthenticated remote code execution, allowing attackers to run arbitrary commands on the affected server. Proof-of-concept implementations (e.g., integrated into the Metasploit Framework) demonstrate how this flaw can be leveraged to execute commands such as remote application launching.
Recommendations
- Immediate Update: Upgrade to Pentaho Business Analytics Server version 9.4.0.1 or later to ensure the vulnerability is patched.
- Strengthen Authorization Filters: Implement a more restrictive set of authorization filters within the security configuration to reduce the risk of exploitation.
- Conduct a Security Assessment: Review the current deployment to identify further exposures and verify that all security configurations are aligned with best practices.
- Monitor for Indicators of Compromise (IoCs): Given the active exploitation, organizations should monitor logs for suspicious activity, including unauthorized access attempts and unexpected command executions.
[Callforaction-THREAT-Footer]
