Lucene search
+L

8 matches found

VulnCheck KEV
VulnCheck KEV
added 2023/05/02 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-31602

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml...

7.5CVSS7.2AI score0.51653EPSS
Exploits5References1
Circl
Circl
added 2021/11/08 7:28 a.m.82 views

CVE-2021-31602

creationtimestamp| type| source ---|---|--- 2021-11-08 07:28:33+00:00| seen| https://t.me/cibsecurity/31947 2024-10-28 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-10-28 2024-11-04 00:00:00+00:00| exploited| The Shadowserver...

7.5CVSS7.3AI score0.51653EPSS
In wildExploits5References4
ATTACKERKB
ATTACKERKB
added 2021/11/08 4:15 a.m.3 views

CVE-2021-31602

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml...

7.5CVSS7AI score0.51653EPSS
Exploits5References4
CVE
CVE
added 2021/11/08 3:30 a.m.136 views

CVE-2021-31602

Hitachi Vantara Pentaho (through 9.1) and Pentaho BI Server (through 7.x) are affected by CVE-2021-31602, an authentication bypass caused by the applicationContext-spring-security.xml security layer. An unauthenticated user can extract information without valid credentials. NVD lists CVSS v3.1 ba...

7.5CVSS7.5AI score0.51653EPSS
In wildExploits5References2Affected Software2
0day.today
0day.today
added 2021/11/07 12:0 a.m.991 views

Pentaho Business Analytics / Pentaho Business Server 9.1 Authentication Bypass Vulnerability

Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: sec:intercept-url pattern="\A/api/.\Z" access="Authent...

7.5CVSS8.8AI score0.51653EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.443 views

Pentaho Business Analytics / Pentaho Business Server 9.1 Authentication Bypass

Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: sec:intercept-url pattern="\A/api/.require-js-cfg.js.\Z" access="Anonymous,...

8.3AI score0.51653EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.811 views

Pentaho Business Analytics / Pentaho Business Server 9.1 SQL Injection

Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: = 9.1 Vulnerability Type: Unauthenticated SQL Injection Solution Status: Fix Released on public GitHub repository Manufacturer Notification: June 2021 Public Disclosure: 01...

8.8AI score0.51653EPSS
Exploits6
The Hacker News
The Hacker News
added 2021/11/01 12:8 p.m.45 views

Critical Flaws Uncovered in Pentaho Business Analytics Software

Multiple vulnerabilities have been disclosed in Hitachi Vantara's Pentaho Business Analytics software that could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the underlying host system of the application. The security weaknesses were reported by...

9.8CVSS1.1AI score0.51653EPSS
Exploits18
Rows per page
Query Builder