Arbitrary File Upload Vulnerability in Hitachi Vantara Pentaho Business Analytics

CVE-2021-34685 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution).
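The `.jsp` versus `.jsp.` behaviour described above is what a denylist on the last extension produces. The following is an added example, not Pentaho's code, contrasting that check with an allowlist that rejects ambiguous names. The class and method names, both extension sets and the sample file names are assumptions made for illustration.

```java
import java.util.Locale;
import java.util.Set;

public class UploadNameCheck {
    // Assumed denylist and allowlist, chosen for illustration only.
    static final Set<String> BLOCKED = Set.of("jsp", "jspx");
    static final Set<String> ALLOWED = Set.of("csv", "txt", "xml");

    // Text after the last dot, lower-cased; "" when there is no dot or the name ends in one.
    static String lastExtension(String name) {
        int dot = name.lastIndexOf('.');
        return dot < 0 ? "" : name.substring(dot + 1).toLowerCase(Locale.ROOT);
    }

    // Weak form: a denylist on the last extension. "page.jsp." yields "" and passes.
    static boolean denylistAllows(String name) {
        return !BLOCKED.contains(lastExtension(name));
    }

    // Hardened form: reject ambiguous names outright (control characters, path
    // separators, ':', trailing dot or space), then require an allowlisted extension.
    static boolean allowlistAllows(String name) {
        if (name == null || name.isEmpty() || name.length() > 255) {
            return false;
        }
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            if (c < 0x20 || c == '/' || c == '\\' || c == ':') {
                return false;
            }
        }
        char last = name.charAt(name.length() - 1);
        if (last == '.' || last == ' ') {
            return false; // trailing dot or space: may be normalised away when stored
        }
        int dot = name.lastIndexOf('.');
        if (dot <= 0 || name.indexOf('.') != dot) {
            return false; // no extension, hidden file, or more than one dot
        }
        return ALLOWED.contains(lastExtension(name));
    }

    public static void main(String[] args) {
        // Constructed sample names.
        String[] samples = {"report.csv", "page.jsp", "page.jsp.", "page.JSP ", "page.jsp.csv"};
        for (String s : samples) {
            System.out.printf("%-14s denylist=%-5b allowlist=%b%n", "'" + s + "'", denylistAllows(s), allowlistAllows(s));
        }
    }
}
```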
