← back
CVE-2021-34684

CVE-2021-34684

CVSS 9.8 CRITICALEPSS 5.8%
Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI.
CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N
Affected products
n/a · n/a
public PoCs found1
cve_referencepacketstormsecurity.com/files/164791/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-SQL-Injection.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/164791/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-SQL-Injection.htmlhttps://www.hitachi.com/hirt/security/index.html