Arbitrary Code Execution Vulnerability in Hitachi Vantara Pentaho

Arbitrary Code Execution Vulnerability in Hitachi Vantara Pentaho

CVE-2021-31599 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary code.

Learn more about our Cis Benchmark Audit For Server Software.