.. / CVE-2022-43769

Exploit for Hitachi Pentaho Business Analytics Server - Remote Code Execution (CVE-2022-43769)

Description:

Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby potentially enabling an attacker to execute malware, obtain sensitive information, modify data, and/or perform unauthorized operations without entering necessary credentials.

Nuclei Template

View the template here CVE-2022-43769.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-43769.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-43769
https://support.pentaho.com/hc/en-us/articles/14455561548301--Resolved-Pentaho-BA-Server-Failure-to-Sanitize-Special-Elements-into-a-Different-Plane-Special-Element-Injection-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43769-
http://packetstormsecurity.com/files/172296/Pentaho-Business-Server-Authentication-Bypass-SSTI-Code-Execution.html