First published: Mon Nov 08 2021
Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Hitachi Vantara | <=9.1.0.0 |
CVE-2021-34684 has been assigned a high severity due to the potential for unauthorized SQL query execution.
To mitigate CVE-2021-34684, users should update their Hitachi Vantara Pentaho software to a version later than 9.1.0.0.
CVE-2021-34684 affects Hitachi Vantara Pentaho versions up to and including 9.1.0.0.
CVE-2021-34684 is classified as a SQL injection vulnerability.
CVE-2021-34684 can be exploited by an unauthenticated remote user.