File Upload Vulnerabilities in Hitachi Vantara Pentaho Business Analytics
CVE-2021-34685

2.7LOW

Key Information:

Vendor: Hitachi
Status: Vantara Pentaho
Vendor: CVE Published:; 8 November 2021

Summary

The UploadService in Hitachi Vantara's Pentaho Business Analytics versions up to 9.1 contains a security flaw in its file upload handling. This vulnerability allows authenticated users to bypass file type restrictions, specifically enabling the upload of malicious files. The system fails to adequately verify uploaded files, permitting the execution of a .jsp. file, which can lead to remote code execution and compromise system integrity.

References

https://www.hitachi.com/hirt/security/index.html

x_refsource_MISC

http://packetstormsecurity.com/files/164775/Pentaho-Busin...

x_refsource_MISC

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 8, 2021
Vulnerability Reserved
Jun 14, 2021