What is the Vulnerability?

Threat actors are actively exploiting two vulnerabilities in the Hitachi Vantara Pentaho Business Analytics (BA) Server. FortiGuard network sensors have detected attack attempts against over 500 devices, and CISA has added both vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, confirming exploitation in the wild.

The Pentaho BA Server is widely deployed (the vendor cites use by 73% of Fortune 100 companies) and plays a central role in data analysis and business intelligence, which makes a compromised server a high-value foothold into an organization's data.

Affected Vulnerabilities

CVE-2022-43939: Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
CVE-2022-43769: Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability

What is the recommended Mitigation?

Apply the latest patch or update from the vendor for CVE-2022-43769 and CVE-2022-43939. Because one issue bypasses authorization and the other allows injection of special elements into the server, an unpatched instance that is reachable by untrusted clients should be reviewed for signs of compromise in addition to being patched.

What FortiGuard Coverage is available?

Patch Immediately – FortiGuard Labs strongly recommends applying vendor fixes as soon as they are available. Follow all guidance in the official vendor advisory.

Intrusion Prevention System (IPS) Protection – FortiGuard Labs provides IPS signatures to detect and block exploitation attempts for CVE-2022-43769 and CVE-2022-43939.

Incident Response Support – If a compromise is suspected, the FortiGuard Incident Response team is available for assistance.