{"vulnerability": "CVE-2021-34685", "sightings": [{"uuid": "11634186-2026-43b4-840c-83ad1d0c856e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34685", "type": "seen", "source": "https://t.me/cibsecurity/31951", "content": "\u203c CVE-2021-34685 \u203c\n\nUploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-08T07:28:38.000000Z"}]}