Unrated severity · NVD Advisory · Published Nov 8, 2021 · Updated Aug 4, 2024
CVE-2021-34685
Description
UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution).
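A blocklist that compares only the text after the last dot would behave as described: `.jsp` is refused and `.jsp.` passes. The sketch below is an added example, not Pentaho's code (the advisory does not show the actual check); the class, both extension sets and the sample names are hypothetical. It contrasts that weak check with an allowlist that also refuses names ending in a dot.

```java
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class UploadNameCheck {
    // Hypothetical blocklist, standing in for a "deny .jsp" rule.
    static final Set<String> BLOCKED = Set.of("jsp", "jspx");
    // Hypothetical allowlist of types the application actually needs (assumption).
    static final Set<String> ALLOWED = Set.of("csv", "txt", "zip");

    // Text after the last dot, lower-cased; "" when the name has no dot
    // or ends in one.
    static String lastExtension(String name) {
        int dot = name.lastIndexOf('.');
        return dot < 0 ? "" : name.substring(dot + 1).toLowerCase(Locale.ROOT);
    }

    // Weak: refuses only names whose final extension is on the blocklist.
    // "page.jsp." has the final extension "" and is therefore accepted.
    static boolean weakAccept(String name) {
        return !BLOCKED.contains(lastExtension(name));
    }

    // Hardened: conservative character set, no leading or trailing dot,
    // bounded length, and the extension must be on the allowlist.
    static boolean strictAccept(String name) {
        if (name == null || !name.matches("[A-Za-z0-9][A-Za-z0-9._-]{0,127}")) {
            return false;
        }
        if (name.endsWith(".")) {
            return false; // refuse instead of silently trimming
        }
        return ALLOWED.contains(lastExtension(name));
    }

    public static void main(String[] args) {
        // Constructed sample names; only the .jsp / .jsp. pair comes from the advisory.
        for (String n : List.of("data.csv", "page.jsp", "page.jsp.", "data.csv.", "notes")) {
            System.out.printf("%-10s weak=%-5b strict=%b%n", n, weakAccept(n), strictAccept(n));
        }
    }
}
```

Storing uploads under a server-generated name, outside any directory the servlet container serves, keeps the extension check from being the only control.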
Affected products
- Hitachi Vantara/Pentaho Business Analytics (source: description)
- Range: <=9.1
References
- packetstormsecurity.com/files/164775/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-Filename-Bypass.html (mitre, x_refsource_MISC)
- www.hitachi.com/hirt/security/index.html (mitre, x_refsource_MISC)