CVE-2022-43769

HIGH Year: 2022
CVSS v3 Score
7.2
High
Weakness Type
CWE-74
View all →

Vulnerability Description

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.

Related Vulnerabilities

CVE-2011-2538

HIGH
CVSS:7.2(High)

Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands.

CWE-742011

CVE-2011-4558

HIGH
CVSS:7.2(High)

Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.

CWE-742011

CVE-2012-2931

HIGH
CVSS:7.2(High)

PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file.

CWE-742012

CVE-2017-18386

HIGH
CVSS:7.2(High)

cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313).

CWE-742017

CVE-2017-18387

HIGH
CVSS:7.2(High)

cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314).

CWE-742017

CVE-2019-11073

HIGH
CVSS:7.2(High)

A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransa...

CWE-742019