FAIL › dossier

Pentaho Business Analytics (BA) Server product

2
failure events
0
zero-days
1
RCEs
2
on KEV
0
critical
65
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 2 events

DateEventSevFlagsShameSummary
2025-03-03 CVE-2022-43769 high ⚡RCE ⌖KEV 65 Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, allowing for arbitrary command execution.
2025-03-03 CVE-2022-43939 high ⌖KEV 50 Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization.