First published: Mon Nov 08 2021(Updated: )
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary code.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Hitachi Vantara Pentaho | <=9.1.0.0 | |
Hitachi Vantara Pentaho Business Intelligence Server | <=7.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-31599.
The severity rating for CVE-2021-31599 is 8.8 (High).
The affected software for CVE-2021-31599 is Hitachi Vantara Pentaho through version 9.1 and Pentaho Business Intelligence Server through version 7.x.
CVE-2021-31599 is a vulnerability in Hitachi Vantara Pentaho and Pentaho Business Intelligence Server that allows an authenticated user to run arbitrary code by including BeanShell scripts in a reports (.prpt) file.
Yes, you can find references for CVE-2021-31599 at the following links: [Packet Storm Security](http://packetstormsecurity.com/files/164772/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-Remote-Code-Execution.html) and [Hitachi Vantara Security](https://www.hitachi.com/hirt/security/index.html).