CVE-2021-34684: SQL Injection
First published: Mon Nov 08 2021(Updated: )
Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hitachi Vantara | <=9.1.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-34684?
CVE-2021-34684 has been assigned a high severity due to the potential for unauthorized SQL query execution.
How do I fix CVE-2021-34684?
To mitigate CVE-2021-34684, users should update their Hitachi Vantara Pentaho software to a version later than 9.1.0.0.
Which versions of Hitachi Vantara Pentaho are affected by CVE-2021-34684?
CVE-2021-34684 affects Hitachi Vantara Pentaho versions up to and including 9.1.0.0.
What type of vulnerability is CVE-2021-34684?
CVE-2021-34684 is classified as a SQL injection vulnerability.
Can CVE-2021-34684 be exploited remotely?
Yes, CVE-2021-34684 can be exploited by an unauthenticated remote user.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/hitachi
- canonical/hitachi vantara
- version/hitachi vantara/9.1.0.0