Critical Flaws Uncovered in Pentaho Business Analytics Software
Nov 01, 2021
Multiple vulnerabilities have been disclosed in Hitachi Vantara's Pentaho Business Analytics software that could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the underlying host system of the application.

The security weaknesses were reported by researchers Alberto Favero from German cybersecurity firm Hawsec and Altion Malka from Census Labs earlier this year, prompting the company to issue necessary patches to address the issues.

Pentaho is a Java-based business intelligence platform that offers data integration, analytics, online analytical processing (OLAP), and mining capabilities, and counts major companies and organizations like Bell, CERN, Cipal, Logitech, Nasdaq, Telefonica, Teradata, and the National September 11 Memorial and Museum among its customers.

The list of flaws, which affect Pentaho Business Analytics versions 9.1 and lower, is as follows: CVE-2021-31599 ...