Published: 08/11/2021 Updated: 09/11/2021

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 580

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

An issue exists in Hitachi Vantara Pentaho up to and including 9.1 and Pentaho Business Intelligence Server up to and including 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hitachi vantara pentaho
hitachi vantara pentaho business intelligence server

Pentaho allows users to create and run Pentaho Report Bundles (prpt) Users can create PRPT reports by utilizing the Pentaho Designer application and can include BeanShell Script functions to ease the production of complex reports However, the BeanShell Script functions can allow for the execution of arbitrary Java code when Pentaho PRPT Reports ...

Full Disclosure mailing list archives   By Date By Thread </form>    Pentaho <= 91 Remote Code Execution   From: BlackHawk <haw ...

CWE-434 https://www.hitachi.com/hirt/security/index.html http://packetstormsecurity.com/files/164772/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-Remote-Code-Execution.html https://nvd.nist.gov https://packetstormsecurity.com/files/164772/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-Remote-Code-Execution.html

CVE-2021-31599

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect