← back
CVE-2021-34685

CVE-2021-34685

CVSS 2.7 LOWEPSS 2.2%
UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution).
CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:H/S:U/UI:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/164775/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-Filename-Bypass.htmlhttps://www.hitachi.com/hirt/security/index.html