CVE-2021-31602
Basic Information
- CVE State: PUBLISHED
- Reserved Date: April 23, 2021
- Published Date: November 08, 2021
- Last Updated: August 03, 2024
- Vendor: Hitachi Vantara
- Product: Pentaho
- Description: An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml file. The default configuration allows an unauthenticated user with no previous knowledge of the platform settings to extract pieces of information without possessing valid credentials.
- Tags
- Score: 93.11% (Percentile: 99.78%) as of 2025-07-17
- Exploited in the Wild: Yes (2025-07-01 00:00:00 UTC) Source
nuclei_scanner
CVSS Scores
CVSS v3.1
5.3 - MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS v2.0
5.0
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
The Shadowserver (via CIRCL) | 2025-07-02 12:00:13 UTC |
Scanner Integrations
Scanner | URL | Date Detected |
---|---|---|
Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-31602.yaml | 2025-04-26 00:00:00 UTC |
Timeline
- CVE ID Reserved
- CVE Published to Public
- Detected by Nuclei
- Added to KEVIntel