8 matches found
VulnCheck KEV: CVE-2021-31602
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml...
CVE-2021-31602
creationtimestamp| type| source ---|---|--- 2021-11-08 07:28:33+00:00| seen| https://t.me/cibsecurity/31947 2024-10-28 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-10-28 2024-11-04 00:00:00+00:00| exploited| The Shadowserver...
CVE-2021-31602
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml...
CVE-2021-31602
Hitachi Vantara Pentaho (through 9.1) and Pentaho BI Server (through 7.x) are affected by CVE-2021-31602, an authentication bypass caused by the applicationContext-spring-security.xml security layer. An unauthenticated user can extract information without valid credentials. NVD lists CVSS v3.1 ba...
Pentaho Business Analytics / Pentaho Business Server 9.1 Authentication Bypass Vulnerability
Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: sec:intercept-url pattern="\A/api/.\Z" access="Authent...
Pentaho Business Analytics / Pentaho Business Server 9.1 Authentication Bypass
Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: sec:intercept-url pattern="\A/api/.require-js-cfg.js.\Z" access="Anonymous,...
Pentaho Business Analytics / Pentaho Business Server 9.1 SQL Injection
Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: = 9.1 Vulnerability Type: Unauthenticated SQL Injection Solution Status: Fix Released on public GitHub repository Manufacturer Notification: June 2021 Public Disclosure: 01...
Critical Flaws Uncovered in Pentaho Business Analytics Software
Multiple vulnerabilities have been disclosed in Hitachi Vantara's Pentaho Business Analytics software that could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the underlying host system of the application. The security weaknesses were reported by...