← ExploitWatch
HomeExploited Vulnerabilities

CVE-2022-43939 — Actively Exploited: Pentaho Business Analytics (BA) Server (Hitachi Vantara)

Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization.

CVE IDCVE-2022-43939
VendorHitachi Vantara
ProductPentaho Business Analytics (BA) Server
Vulnerability nameHitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
Date added2025-03-03
Remediation due2025-03-24
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
DescriptionHitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →