Vulnerability Description
Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hitachi | Vantara Pentaho | <= 9.1.0.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/164791/Pentaho-Business-Analytics-Pentaho-BExploitThird Party AdvisoryVDB Entry
- https://www.hitachi.com/hirt/security/index.htmlVendor Advisory
- http://packetstormsecurity.com/files/164791/Pentaho-Business-Analytics-Pentaho-BExploitThird Party AdvisoryVDB Entry
- https://www.hitachi.com/hirt/security/index.htmlVendor Advisory
FAQ
What is CVE-2021-34684?
CVE-2021-34684 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as ...
How severe is CVE-2021-34684?
CVE-2021-34684 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-34684?
Check the references section above for vendor advisories and patch information. Affected products include: Hitachi Vantara Pentaho.