{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-4770", "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13", "state": "PUBLISHED", "assignerShortName": "HITVAN", "dateReserved": "2022-12-27T22:39:50.860Z", "datePublished": "2023-04-03T18:56:17.800Z", "dateUpdated": "2025-02-11T14:28:35.632Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Pentaho Business Analytics Server", "vendor": "Hitachi Vantara", "versions": [{"lessThan": "9.3.0.2", "status": "affected", "version": "1.0", "versionType": "maven"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Hitachi Group Member"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt).</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;</span>\n\n"}], "value": "\nHitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt).\u00a0\n\n"}], "impacts": [{"capecId": "CAPEC-54", "descriptions": [{"lang": "en", "value": "CAPEC-54 Query System for Information"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13", "shortName": "HITVAN", "dateUpdated": "2023-04-03T18:56:17.800Z"}, "references": [{"url": "https://support.pentaho.com/hc/en-us/articles/14455209015949--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Generation-of-Error-Message-Containing-Sensitive-Information-Versions-before-9-4-0-0-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-4770-"}], "source": {"discovery": "INTERNAL"}, "title": "Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:48:40.442Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.pentaho.com/hc/en-us/articles/14455209015949--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Generation-of-Error-Message-Containing-Sensitive-Information-Versions-before-9-4-0-0-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-4770-", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-11T14:28:31.759410Z", "id": "CVE-2022-4770", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-11T14:28:35.632Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.pentaho.com/hc/en-us/articles/14455209015949--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Generation-of-Error-Message-Containing-Sensitive-Information-Versions-before-9-4-0-0-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-4770-", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:48:40.442Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-4770", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-11T14:28:31.759410Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-11T14:28:28.964Z"}}], "cna": {"title": "Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information ", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Hitachi Group Member"}], "impacts": [{"capecId": "CAPEC-54", "descriptions": [{"lang": "en", "value": "CAPEC-54 Query System for Information"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hitachi Vantara", "product": "Pentaho Business Analytics Server", "versions": [{"status": "affected", "version": "1.0", "lessThan": "9.3.0.2", "versionType": "maven"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.pentaho.com/hc/en-us/articles/14455209015949--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Generation-of-Error-Message-Containing-Sensitive-Information-Versions-before-9-4-0-0-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-4770-"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nHitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt).\u00a0\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt).</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13", "shortName": "HITVAN", "dateUpdated": "2023-04-03T18:56:17.800Z"}}}, "cveMetadata": {"cveId": "CVE-2022-4770", "state": "PUBLISHED", "dateUpdated": "2025-02-11T14:28:35.632Z", "dateReserved": "2022-12-27T22:39:50.860Z", "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13", "datePublished": "2023-04-03T18:56:17.800Z", "assignerShortName": "HITVAN"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hitachi:vantara_pentaho_business_analytics_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D161D2B-52A5-4EF4-B7BC-0B1D823030FB", "versionEndExcluding": "9.3.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nHitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt).\u00a0\n\n"}], "id": "CVE-2022-4770", "lastModified": "2024-11-21T07:35:54.500", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security.vulnerabilities@hitachivantara.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-03T19:15:07.227", "references": [{"source": "security.vulnerabilities@hitachivantara.com", "tags": ["Vendor Advisory"], "url": "https://support.pentaho.com/hc/en-us/articles/14455209015949--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Generation-of-Error-Message-Containing-Sensitive-Information-Versions-before-9-4-0-0-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-4770-"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.pentaho.com/hc/en-us/articles/14455209015949--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Generation-of-Error-Message-Containing-Sensitive-Information-Versions-before-9-4-0-0-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-4770-"}], "sourceIdentifier": "security.vulnerabilities@hitachivantara.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "security.vulnerabilities@hitachivantara.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-209"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}