漏洞描述
Pentaho是世界上最流行的开源商务智能软件,以工作流为核心的,强调面向解决方案而非工具组件的,基于java平台的商业智能(BusinessIntelligence,BI)套件BI。Pentaho Spring APIs可通过发送特殊请求的请求包,导致越权访问,获取敏感数据
Pentaho Spring APIs require-cfg.js 存在越权访问漏洞(CVE-2021-31602)
PoC代码
暂无相关漏洞推荐
- Spring Cloud Gateway 信息泄露漏洞(CVE-2025-41243)
- Spring Cloud Gateway环境属性修改漏洞 (CVE-2025-41243)
- BLINK routers set_AdvDns_cfg 命令执行漏洞
- CVE-2019-3799: Spring Cloud Config Server Directory Traversal
- springboot-actuator-unauth: Springboot Actuator Unauth
- springblade-export-user-sqli: SpringBlade 框架后台 export-user 路径 SQL 注入漏洞
- POC spring4shell-CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+
- POC CVE-2016-4977: Spring Security OAuth2 Remote Command Execution
- POC CVE-2017-8046: Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
- POC CVE-2018-1271: Spring MVC Framework - Local File Inclusion
- POC CVE-2018-1273: Spring Data Commons - Remote Code Execution
- POC CVE-2019-3799: Spring Cloud Config Server - Local File Inclusion
- POC CVE-2020-5405: Spring Cloud Config - Local File Inclusion