"Critical Flaws Uncovered in Pentaho" article - Known issues explained

To all of our customers, for all of Hitachi Vantara's software products, we always recommend staying on a supported version and updating to the latest service pack. This practice ensures the latest fixes to known issues are applied and reduces the potential impact of any vulnerability that may be present in the software.  

Recently, an article was published by a third party urging customers of Pentaho software to upgrade to the latest version of the software to mitigate vulnerabilities that could impact them.

Following the subtext and links within the article reveals that every reported issue has a fix publicly available for review on GitHub.

Please be assured that we are aware of the issues reported in the article and that, with the exception of one, the latest versions of our currently supported releases (v8.3.x and v9.2.x) contain packaged fixes for each.

To clarify, here is a list of the issues raised in the published article, and the status of each:

CVE-2021-31599 (CVSS score: 9.9)
Remote Code Execution through Pentaho Report Bundles
Released in June Service Packs 6/29/2021 – v8.3.0.23 & v9.1.0.8

CVE-2021-31601 (CVSS score: 7.1)
Insufficient Access Control of Data Source Management

CVE-2021-31602 (CVSS score: 5.3)
Authentication Bypass of Spring APIs

CVE-2021-34684 (CVSS score: 9.8)
Unauthenticated SQL Injection

CVE-2021-31600 (CVSS score: 4.3)
Jackrabbit User Enumeration
Product feature: There is no impact to users who are not authenticated

CVE-2021-34685 (CVSS score: 2.7)
Bypass of Filename Extension Restrictions
Addressed in November Service Pack for Pentaho v8.3 & 9.2
Targeted release date 11/26/2021

If you need more information or have any questions or concerns, please feel free to open a support ticket, email Support or contact me directly.


Paul Cohen - Head of Customer Success & Support
paul.cohen at