ET WEB_SPECIFIC_APPS Hitachi Vantara Pentaho Business Analytics Server Authorization Bypass and Remote Code Execution Attempt (CVE-2022-43769, 2022-43939)
Sourceet/open
CreatedMarch 5, 2025
UpdatedMarch 5, 2025
Classificationattempted-admin
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Hitachi Vantara Pentaho Business Analytics Server Authorization Bypass and Remote Code Execution Attempt (CVE-2022-43769, 2022-43939)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/pentaho/api/ldap/config/ldapTreeNodeChildren/"; fast_pattern; startswith; content:"require"; within:50; content:"js|3f|url|3d|"; within:50; content:"|28|java.lang.Runtime|29 2e|getRuntime|28 29 2e|exec|28|"; within:200; reference:cve,2022-43939; reference:cve,2022-437969; reference:url,attackerkb.com/topics/JGGe0nRNNv/cve-2022-43939; reference:url,attackerkb.com/topics/hy6nWcCo30/cve-2022-43769; reference:cve,2022-43769; classtype:attempted-admin; sid:2060594; rev:1; metadata:affected_product Hitachi_Vantara_Pentaho_Business_Analytics_Server, attack_target Server, tls_state plaintext, created_at 2025_03_05, cve CVE_2022_43769, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit, tag CISA_KEV, updated_at 2025_03_05, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
References
Metadata
affected productHitachi_Vantara_Pentaho_Business_Analytics_Server
attack targetServer
tls stateplaintext
created at2025_03_05
deploymentInternal
performance impactLow
confidenceHigh
signature severityMajor
tagCISA_KEV
updated at2025_03_05
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1190
mitre technique nameExploit_Public_Facing_Application
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!