CVE-2022-43939 is a Hitachi Vantara Pentaho Business Analytics (BA) Server authorization bypass issue tied to non-canonical URL paths being used for authorization decisions. CISA lists it in the Known Exploited Vulnerabilities catalog, so defenders should treat it as an actively relevant exposure and prioritize remediation on any affected Pentaho BA Server instance.
Known exploitedHitachi VantaraCVE published 2025-03-03
CVE-2022-43769 is a CISA Known Exploited Vulnerability affecting Hitachi Vantara Pentaho Business Analytics (BA) Server. The KEV record identifies it as a special element injection issue and points to vendor guidance for mitigation. Because CISA has flagged it for active exploitation, organizations running Pentaho BA Server should treat it as a high-priority remediation item, especially for versions noted [truncated]
