ID
VAR-202111-0080
CVE
CVE-2021-34684
TITLE
Hitachi Vantara Pentaho Business Analytic In SQL Injection vulnerability
Trust: 0.8
sources:
JVNDB: JVNDB-2021-014775
DESCRIPTION
Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI. Hitachi Vantara Pentaho Business Analytic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Trust: 1.71
sources:
NVD: CVE-2021-34684 //
JVNDB: JVNDB-2021-014775 //
VULMON: CVE-2021-34684
AFFECTED PRODUCTS
| vendor: | hitachi | model: | vantara pentaho | scope: | lte | version: | 9.1.0.0 | Trust: 1.0 |
| vendor: | 日立 | model: | vantara pentaho | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | 日立 | model: | vantara pentaho | scope: | eq | version: | 9.1 to | Trust: 0.8 |
sources:
JVNDB: JVNDB-2021-014775 //
NVD: CVE-2021-34684
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
VULMON: CVE-2021-34684 //
JVNDB: JVNDB-2021-014775 //
CNNVD: CNNVD-202111-538 //
NVD: CVE-2021-34684 //
NVD: CVE-2021-34684
PROBLEMTYPE DATA
| problemtype: | CWE-89 | Trust: 1.0 |
| problemtype: | SQL injection (CWE-89) [NVD evaluation ] | Trust: 0.8 |
sources:
JVNDB: JVNDB-2021-014775 //
NVD: CVE-2021-34684
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202111-538
TYPE
SQL injection
Trust: 0.6
sources:
CNNVD: CNNVD-202111-538
PATCH
| title: | Security Information | url: | https://www.hitachi.com/hirt/security/index.html | Trust: 0.8 |
| title: | Hitachi Vantara Pentaho SQL Repair measures for injecting vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=169498 | Trust: 0.6 |
| title: | - | url: | https://github.com/20142995/Goby | Trust: 0.1 |
sources:
VULMON: CVE-2021-34684 //
JVNDB: JVNDB-2021-014775 //
CNNVD: CNNVD-202111-538
EXTERNAL IDS
| db: | NVD | id: | CVE-2021-34684 | Trust: 3.3 |
| db: | PACKETSTORM | id: | 164791 | Trust: 2.5 |
| db: | JVNDB | id: | JVNDB-2021-014775 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202111-538 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2021-34684 | Trust: 0.1 |
sources:
VULMON: CVE-2021-34684 //
JVNDB: JVNDB-2021-014775 //
CNNVD: CNNVD-202111-538 //
NVD: CVE-2021-34684
REFERENCES
| url: | http://packetstormsecurity.com/files/164791/pentaho-business-analytics-pentaho-business-server-9.1-sql-injection.html | Trust: 3.1 |
| url: | https://www.hitachi.com/hirt/security/index.html | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2021-34684 | Trust: 1.4 |
| url: | https://cwe.mitre.org/data/definitions/89.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | http://seclists.org/fulldisclosure/2021/nov/10 | Trust: 0.1 |
sources:
VULMON: CVE-2021-34684 //
JVNDB: JVNDB-2021-014775 //
CNNVD: CNNVD-202111-538 //
NVD: CVE-2021-34684
SOURCES
| db: | VULMON | id: | CVE-2021-34684 |
| db: | JVNDB | id: | JVNDB-2021-014775 |
| db: | CNNVD | id: | CNNVD-202111-538 |
| db: | NVD | id: | CVE-2021-34684 |
LAST UPDATE DATE
2024-08-14T14:55:46.150000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2021-34684 | date: | 2021-11-09T00:00:00 |
| db: | JVNDB | id: | JVNDB-2021-014775 | date: | 2022-10-27T07:09:00 |
| db: | CNNVD | id: | CNNVD-202111-538 | date: | 2021-11-15T00:00:00 |
| db: | NVD | id: | CVE-2021-34684 | date: | 2021-11-09T21:36:58.753 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2021-34684 | date: | 2021-11-08T00:00:00 |
| db: | JVNDB | id: | JVNDB-2021-014775 | date: | 2022-10-27T00:00:00 |
| db: | CNNVD | id: | CNNVD-202111-538 | date: | 2021-11-05T00:00:00 |
| db: | NVD | id: | CVE-2021-34684 | date: | 2021-11-08T04:15:08.320 |