🔴 CVE-2022-43769

Hitachi Vantara Pentaho Business Analytics Server contains a Spring Template injection vulnerability allowing authenticated attackers to execute arbitrary code. This affects web services that improperly sanitize user input containing Spring templates, leading to server-side template injection (SSTI).

Risk Level: HIGH_RISK
CVSS Score: 8.8
Attack Vector: NETWORK
ATT&CK Tactic: Initial Access
ATT&CK Technique: T1190 — Exploit Public-Facing Application
Deployment Risk: HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2023-04-03

Added to CISA KEV: 2025-03-03 (700 days between CVE publication and KEV listing)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2022-43769 is a critical security vulnerability affecting Hitachi Vantara Pentaho Business Analytics (BA) Server [1]. It is classified as a special element injection vulnerability, specifically a Server-Side Template Injection (SSTI) in which user-controlled Spring templates are evaluated by the server [3].

Exploitation and Threat Landscape
  • Active Exploitation: This vulnerability is confirmed to be actively exploited in the wild and is included in the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog [1].
  • Threat Actor Usage: While it is known to be exploited in the wild, specific threat actor attribution or association with particular ransomware campaigns is not widely detailed in public security reporting. However, its presence in the CISA KEV catalog underscores its high risk and utility to attackers for initial access or system compromise.
  • Proof-of-Concept (PoC): Publicly available exploit code and detection templates (such as those for the Nuclei vulnerability scanner) exist for this CVE [2] [5].
Attack Method and Impact
  • Method: The vulnerability allows an attacker to interact with certain web services to set property values containing Spring templates [1]. These templates are subsequently interpreted by the server, leading to code injection [3].
  • Requirements: The attack is network-based, meaning it can be exploited remotely by an attacker with network access to the Pentaho BA Server.
  • Impact: Successful exploitation allows an attacker to execute arbitrary code on the affected server [2]. This can lead to full unauthorized control over the system, potential data loss, and operational disruption [4].
Affected Versions and Mitigation
  • Affected Versions [1]:
    * Versions prior to 9.4.0.1
    * Versions prior to 9.3.0.2
    * All 8.3.x versions
  • Mitigation: The primary remediation is to upgrade the Hitachi Vantara Pentaho Business Analytics Server to the patched versions (9.4.0.1, 9.3.0.2, or later) [2]. Organizations should prioritize patching due to the vulnerability's status as a known exploited issue.

Sources

  1. CVE-2022-43769 Detail - NVD

    Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which …

  2. CVE-2022-43769.yaml - nuclei-templates

    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected server. remediation: Upgrade to 9.4 with Service ...

  3. CVE-2022-43769 - Exploits & Severity - Feedly

    CVE-2022-43769 is a special element injection vulnerability in the Hitachi Vantara Pentaho BA Server, which poses significant risks as it is actively exploited in the wild. The article does not provide a CVSS score, details on proof-of-concept exploits, or specific mitigations, detections, or patche…

  4. CVE-2022-43769 | High Vulnerability in Hitachi Vantara Pentaho ...

    The affected products are versions of the Hitachi Vantara Pentaho Business Analytics Server, specifically those prior to 9.4.0.1 and 9.3.0.2. Technical Analysis. ... Risk & Impact Analysis Real-world deployment risk is significant for organizations utilizing the affected versions of the Hitachi Vant…

  5. CVE-2022-43769 : Hitachi Vantara Pentaho Business Analytics ...

    Public exploit exists! … Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to …