N/A

UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution).

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

N/A

Hitachi Vantara Pentaho和Hitachi Vantara Pentaho Business Analytics 代码问题漏洞

Hitachi Vantara Pentaho是日本Hitachi公司的一款用于大数据环境中对数据进行存储和管理的服务。Hitachi Vantara Pentaho Business Analytics是美国Hitachi Vantara公司的一个业务分析平台。用于安全地访问、集成、操作、可视化和分析大数据资产。 Hitachi Vantara Pentaho Business Analytics 和 Pentaho Business Server 9.1存在安全漏洞，该漏洞源于文件上传功能可以通过包含

N/A

N/A