HIGH🇵🇱 Wersja polska

CVE-2021-31599

CVSS 8.8v3.1pub. 2021-11-08upd. 2024-11-21

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary code.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Hitachi Vantara Pentaho

    APP
    Hitachi
    ≤ 9.1.0.0
  • Hitachi Vantara Pentaho Business Intelligence Server

    APP
    Hitachi
    ≤ 7.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-34684CRITICAL9.8ten sam produkt

Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL...

CVE-2022-4815HIGH8.0ten sam produkt

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deseri...

CVE-2021-45447HIGH7.7ten sam produkt

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Dat...

CVE-2021-45448HIGH7.1ten sam produkt

Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exp...

CVE-2021-31601HIGH7.1ten sam produkt

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server throug...