CVE-2021-34685

2021-11-08T04:15:00
ID CVE-2021-34685
Type cve
Reporter cve@mitre.org
Modified 2021-11-09T21:52:00

Description

UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution).