4 matches found
CVE-2021-34684
Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI...
CVE-2021-34684
Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI...
CVE-2021-34684
CVE-2021-34684 affects Hitachi Vantara Pentaho Business Analytics (≤ 9.1). The vulnerability is an unauthenticated SQL injection in Pentaho’s data-source handling that allows an attacker to execute arbitrary SQL against the backend database and retrieve data, demonstrated through the api/repos/da...
Critical Flaws Uncovered in Pentaho Business Analytics Software
Multiple vulnerabilities have been disclosed in Hitachi Vantara's Pentaho Business Analytics software that could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the underlying host system of the application. The security weaknesses were reported by...