Multiple vulnerabilities have been disclosed in Hitachi Vantara’s Pentaho Business Analytics software that could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the underlying host system of the application.
The security weaknesses were reported by researchers Alberto Favero from German cybersecurity firm Hawsec and Altion Malka from Census Labs