UploadService in Hitachi Vantara... CVE-2021-34685

- AV AC AU C I A
发布: 2021-11-05
修订: 2022-04-29

UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution).

0%
暂无可用Exp或PoC
当前有0条受影响产品信息