Vulnerability Details CVE-2021-31599
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.2%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://packetstormsecurity.com/files/164772/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-Remote-Code-Execution.html
- https://www.hitachi.com/hirt/security/index.html
- http://packetstormsecurity.com/files/164772/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-Remote-Code-Execution.html
- https://www.hitachi.com/hirt/security/index.html
Products affected by CVE-2021-31599
-
cpe:2.3:a:hitachi:vantara_pentaho:-
-
cpe:2.3:a:hitachi:vantara_pentaho:7.0.0
-
cpe:2.3:a:hitachi:vantara_pentaho:7.1.0.25
-
cpe:2.3:a:hitachi:vantara_pentaho:8.0.0
-
cpe:2.3:a:hitachi:vantara_pentaho:8.2.0.6
-
cpe:2.3:a:hitachi:vantara_pentaho:8.3.0.0
-
cpe:2.3:a:hitachi:vantara_pentaho:8.3.0.25
-
cpe:2.3:a:hitachi:vantara_pentaho:8.3.0.9
-
cpe:2.3:a:hitachi:vantara_pentaho:9.0.0
-
cpe:2.3:a:hitachi:vantara_pentaho:9.0.0.1
-
cpe:2.3:a:hitachi:vantara_pentaho:9.1.0.0
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:-
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:1.2.0
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:1.6.0
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:1.7.0
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:1.7.1
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:2.0.0
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:3.0.0
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:3.10.0
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:3.5.0
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:3.5.2
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:3.6.0
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:3.7.0
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:3.8.0
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:3.9.0
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:4.5.0
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:4.8.0
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:5.0
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:5.1
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:5.2
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:5.3
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:5.4
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:6.0
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:6.1
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:7.0
-
cpe:2.3:a:hitachi:vantara_pentaho_business_intelligence_server:7.1