CVE-2022-4815
Published 2023-05-24. CVE-2022-4815: Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the…
Priority: P347 · Severity: high · CVSS 3.1 base score: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.63% (45.5th percentile)
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hitachi | vantara_pentaho | 8.3.0.0 – 8.3.0.25 | — |
| hitachi | vantara_pentaho_business_analytics_server | — | — |
| hitachi | vantara_pentaho_business_analytics_server | 9.3.0.0 – 9.3.0.3 | — |
| hitachi_vantara | pentaho_business_analytics_server | >= 1.0 < 9.3.0.3 | 9.3.0.3 |
| hitachi_vantara | pentaho_business_analytics_server | >= 9.4.0.0 < 9.4.0.1 | 9.4.0.1 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| vendor_redhat | — | 5.5 | MEDIUM | — |
GHSA
GHSA-9ff4-rf5q-wgc5 · ghsa_unreviewed · 2023-07-06 · CVE-2022-4815 [HIGH] · CWE-502
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods.
Red Hat
CVE-2022-48750 [MEDIUM] · vendor_redhat · 2024-06-20 · CVSS 5.5
kernel: hwmon: (nct6775) Fix crash in clear_caseopen
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (nct6775) Fix crash in clear_caseopen
Paweł Marciniak reports the following crash, observed when clearing
the chassis intrusion alarm.
BUG: kernel NULL pointer dereference, address: 0000000000000028
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 3 PID: 4815 Comm: bash Tainted: G S 5.16.2-200.fc35.x86_64 #1
Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./Z97 Extreme4, BIOS P2.60A 05/03/2018
RIP: 0010:clear_caseopen+0x5a/0x120 [nct6775]
Code: 68 70 e8 e9 32 b1 e3 85 c0 0f 85 d2 00 00 00 48 83 7c 24 ...
RSP: 0018:ffffabcb02803dd8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
RDX: ffff8e8808192880 RSI: 0000000000000
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://support.pentaho.com/hc/en-us/articles/14455879270285-IMPORTANT-Resolved-Pentaho-BA-Server-Deserialization-of-Untrusted-Data-Versions-before-9-4-0-1-and-9-3-0-3-including-8-3-x-Impacted-CVE-2022-4815-
Published: 2023-05-24