CVE-2021-45448 (GCVE-0-2021-45448)
Vulnerability from cvelistv5
Published
2022-11-02 15:12
Modified
2025-05-02 15:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Pentaho Business Analytics
Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho
Analyzer plugin exposes a service endpoint for templates which allows a
user-supplied path to access resources that are out of bounds.
The software uses external input to construct a pathname that is intended to identify a file or
directory that is located underneath a restricted parent directory, but the software does not
properly neutralize special elements within the pathname that can cause the pathname to
resolve to a location that is outside of the restricted directory. By using special elements such as
".." and "/" separators, attackers can escape outside of the restricted
location to access files or directories that are elsewhere on the
system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Vantara | Pentaho Business Analytics Server |
Version: 9.2 Version: 1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:39:21.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.pentaho.com/hc/en-us/articles/6744743458701"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-45448",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T15:47:51.519451Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T15:48:03.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Pentaho Analyzer plugin"
],
"product": "Pentaho Business Analytics Server",
"vendor": "Hitachi Vantara",
"versions": [
{
"lessThan": "9.2.0.2",
"status": "affected",
"version": "9.2",
"versionType": "ALL"
},
{
"lessThan": "8.3.0.25",
"status": "affected",
"version": "1.0",
"versionType": "All"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\u003cp\u003ePentaho Business Analytics\n Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho \nAnalyzer plugin exposes a service endpoint for templates which allows a \nuser-supplied path to access resources that are out of bounds.\u0026nbsp;\n\nThe software uses external input to construct a pathname that is intended to identify a file or \ndirectory that is located underneath a restricted parent directory, but the software does not \nproperly neutralize special elements within the pathname that can cause the pathname to \nresolve to a location that is outside of the restricted directory. \u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;By using special elements such as \n\"..\" and \"/\" separators, attackers can escape outside of the restricted \nlocation to access files or directories that are elsewhere on the \nsystem.\u003c/span\u003e\u003c/p\u003e\n\n"
}
],
"value": "Pentaho Business Analytics\n Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho \nAnalyzer plugin exposes a service endpoint for templates which allows a \nuser-supplied path to access resources that are out of bounds.\u00a0\n\nThe software uses external input to construct a pathname that is intended to identify a file or \ndirectory that is located underneath a restricted parent directory, but the software does not \nproperly neutralize special elements within the pathname that can cause the pathname to \nresolve to a location that is outside of the restricted directory. \u00a0By using special elements such as \n\"..\" and \"/\" separators, attackers can escape outside of the restricted \nlocation to access files or directories that are elsewhere on the \nsystem.\n\n\n\n"
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Many file operations are intended to take place within a restricted directory. By using special elements such as \"..\" and \"/\" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T15:12:25.164Z",
"orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"shortName": "HITVAN"
},
"references": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/6744743458701"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\nThe defect may be mitigated either by uninstalling the Pentaho Analyzer plugin or upgrading\u0026nbsp;to the latest Hitachi Vantara Pentaho version \n9.3 release. For versions 9.2 and 8.3 we recommend updating to Service \nPacks 9.2.0.2/8.3.0.25 or above where this vulnerability is addressed. \n\n\u003cbr\u003e"
}
],
"value": "\n\nThe defect may be mitigated either by uninstalling the Pentaho Analyzer plugin or upgrading\u00a0to the latest Hitachi Vantara Pentaho version \n9.3 release. For versions 9.2 and 8.3 we recommend updating to Service \nPacks 9.2.0.2/8.3.0.25 or above where this vulnerability is addressed. \n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Pentaho Business Analytics Server - Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user supplied path to access resources that are out of bounds.",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"assignerShortName": "HITVAN",
"cveId": "CVE-2021-45448",
"datePublished": "2022-11-02T15:12:25.164Z",
"dateReserved": "2021-12-21T05:57:40.703Z",
"dateUpdated": "2025-05-02T15:48:03.329Z",
"requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.pentaho.com/hc/en-us/articles/6744743458701\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T04:39:21.052Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-45448\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-02T15:47:51.519451Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-02T15:47:55.495Z\"}}], \"cna\": {\"title\": \"Pentaho Business Analytics Server - Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user supplied path to access resources that are out of bounds.\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"Many file operations are intended to take place within a restricted directory. By using special elements such as \\\"..\\\" and \\\"/\\\" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Hitachi Vantara\", \"modules\": [\"Pentaho Analyzer plugin\"], \"product\": \"Pentaho Business Analytics Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.2\", \"lessThan\": \"9.2.0.2\", \"versionType\": \"ALL\"}, {\"status\": \"affected\", \"version\": \"1.0\", \"lessThan\": \"8.3.0.25\", \"versionType\": \"All\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"\\n\\nThe defect may be mitigated either by uninstalling the Pentaho Analyzer plugin or upgrading\\u00a0to the latest Hitachi Vantara Pentaho version \\n9.3 release. For versions 9.2 and 8.3 we recommend updating to Service \\nPacks 9.2.0.2/8.3.0.25 or above where this vulnerability is addressed. \\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\\nThe defect may be mitigated either by uninstalling the Pentaho Analyzer plugin or upgrading\u0026nbsp;to the latest Hitachi Vantara Pentaho version \\n9.3 release. For versions 9.2 and 8.3 we recommend updating to Service \\nPacks 9.2.0.2/8.3.0.25 or above where this vulnerability is addressed. \\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://support.pentaho.com/hc/en-us/articles/6744743458701\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Pentaho Business Analytics\\n Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho \\nAnalyzer plugin exposes a service endpoint for templates which allows a \\nuser-supplied path to access resources that are out of bounds.\\u00a0\\n\\nThe software uses external input to construct a pathname that is intended to identify a file or \\ndirectory that is located underneath a restricted parent directory, but the software does not \\nproperly neutralize special elements within the pathname that can cause the pathname to \\nresolve to a location that is outside of the restricted directory. \\u00a0By using special elements such as \\n\\\"..\\\" and \\\"/\\\" separators, attackers can escape outside of the restricted \\nlocation to access files or directories that are elsewhere on the \\nsystem.\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\u003cp\u003ePentaho Business Analytics\\n Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho \\nAnalyzer plugin exposes a service endpoint for templates which allows a \\nuser-supplied path to access resources that are out of bounds.\u0026nbsp;\\n\\nThe software uses external input to construct a pathname that is intended to identify a file or \\ndirectory that is located underneath a restricted parent directory, but the software does not \\nproperly neutralize special elements within the pathname that can cause the pathname to \\nresolve to a location that is outside of the restricted directory. \u003cspan style=\\\"background-color: var(--wht);\\\"\u003e\u0026nbsp;By using special elements such as \\n\\\"..\\\" and \\\"/\\\" separators, attackers can escape outside of the restricted \\nlocation to access files or directories that are elsewhere on the \\nsystem.\u003c/span\u003e\u003c/p\u003e\\n\\n\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"dce6e192-ff49-4263-9134-f0beccb9bc13\", \"shortName\": \"HITVAN\", \"dateUpdated\": \"2022-11-02T15:12:25.164Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2021-45448\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-02T15:48:03.329Z\", \"dateReserved\": \"2021-12-21T05:57:40.703Z\", \"assignerOrgId\": \"dce6e192-ff49-4263-9134-f0beccb9bc13\", \"datePublished\": \"2022-11-02T15:12:25.164Z\", \"requesterUserId\": \"520cc88b-a1c8-44f6-9154-21a4d74c769f\", \"assignerShortName\": \"HITVAN\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…