
316 matches found

Cvelist
added 2023/03/28 8:02 p.m., 12 views

CVE-2023-28637 DataEase AWS redshift data source exists for remote code execution vulnerability

DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution. This vulnerabili...

CVSS 8, AI score 9.1, EPSS 0.01804
Exploits: 1, References: 1

CVE
added 2023/03/28 8:02 p.m., 60 views

CVE-2023-28637

CVE-2023-28637 affects DataEase when using the AWS Redshift data source; lack of data sanitization can enable remote code execution. The issue is tied to how input is sanitized by the Redshift source, and multiple sources reiterate this vulnerability. A fix is available in DataEase ≥ 1.18.5; u...

CVSS 8.8, AI score 8.6, EPSS 0.01804
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2023/03/28 8:02 p.m., 15 views

CVE-2023-28637 DataEase AWS redshift data source exists for remote code execution vulnerability

DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution. This vulnerabili...

CVSS 8, AI score 8.9, EPSS 0.01804
Exploits: 1, References: 3

CVE
added 2023/03/24 11:43 p.m., 61 views

CVE-2023-28437

Dataease SQL injection vulnerability (CVE-2023-28437) is caused by missing entries in the keyword blacklist protecting against SQLi. Affects Dataease prior to version 1.18.5; fix released in 1.18.5. CVSS v3.1 base score 9.8 (CRITICAL) with NETWORK attack, LOW complexity, no privileges, no user ...

CVSS 9.8, AI score 10, EPSS 0.00815
Exploits: 1, References: 3, Affected Software: 1

Prion
added 2023/03/24 9:15 p.m., 15 views

Unrestricted file upload

Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface are not checked, so users who are not logged in can upload directly to the background. The file type also goes unchecked, so users could upload any type of file. These vulnerabilities have bee...

CVSS 5.8, AI score 6.4, EPSS 0.00629
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2023/03/24 8:39 p.m., 14 views

CVE-2023-28435 Dataease file upload interface does not verify permission or file type

Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface are not checked, so users who are not logged in can upload directly to the background. The file type also goes unchecked, so users could upload any type of file. These vulnerabilities have bee...

CVSS 6.5, AI score 6.8, EPSS 0.00629
Exploits: 1, References: 2

CNVD
added 2023/03/16 12:00 a.m., 18 views

SAP BusinessObjects Business Intelligence Platform Information Leakage Vulnerability

SAP BusinessObjects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP. The product has report generation, analysis, data visualization and other functions. An information disclosure vulnerability exists in SAP BusinessObjects...

CVSS 5.3, AI score 6.2, EPSS 0.00376
Exploits: 0, References: 1

NVD
added 2023/02/28 4:15 p.m., 15 views

CVE-2023-25807

DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform, the saved data can be modified to store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses th...

CVSS 7.2, AI score 7, EPSS 0.00865
Exploits: 1, References: 2

Prion
added 2023/02/28 4:15 p.m., 23 views

Code injection

DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform, the saved data can be modified to store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses th...

CVSS 4.9, AI score 5.6, EPSS 0.00865
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2023/02/28 3:05 p.m., 107 views

CVE-2023-25807

DataEase dashboard storage vulnerability (CVE-2023-25807) allows stored XSS via manipulated saved data. Affected software: DataEase open-source data visualization/analysis tool. Root cause: saving a dashboard can store malicious code which is executed server-side when the dashboard is viewed. Imp...

CVSS 7.2, AI score 6.1, EPSS 0.00865
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2023/02/28 3:05 p.m., 13 views

CVE-2023-25807 DataEase dashboard has a stored XSS vulnerability

DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform, the saved data can be modified to store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses th...

CVSS 7.2, AI score 7.2, EPSS 0.00865
Exploits: 1, References: 2

CNNVD
added 2023/02/23 12:00 a.m., 2 views

SquaredUp Dashboard Server SCOM Edition Cross-Site Scripting Vulnerability

SquaredUp Dashboard Server SCOM Edition is a data visualization platform for Microsoft System Center Operations Manager and OMS from SquaredUp. A security vulnerability exists in SquaredUp Dashboard Server SCOM Edition prior to 5.7.1 GA that stems from the SquaredUp SCOM version allowing XSS...

CVSS 5.4, AI score 5.7, EPSS 0.00499
Exploits: 0, References: 3

Tenable Nessus
added 2023/02/14 12:00 a.m., 54 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : grafana (SUSE-SU-2023:0362-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0362-1 advisory. - Grafana is an open source observability and data visualization platform. Versions prior to 9.1...

CVSS 8.1, AI score 7.2, EPSS 0.00897
Exploits: 0, References: 19

Tenable Nessus
added 2023/02/14 12:00 a.m., 37 views

openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2023:0353-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0353-1 advisory. - Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugi...

CVSS 8.1, AI score 7.1, EPSS 0.00897
Exploits: 0, References: 25

CNVD
added 2023/01/18 12:00 a.m., 22 views

Apache Superset Cross-Site Scripting Vulnerability (CNVD-2023-05220)

A cross-site scripting vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation. The vulnerability stems from a failure of the dashboard rendering to adequately clean up the content of the Markdown component, which could be exploited b...

CVSS 5.4, AI score 3.1, EPSS 0.01349
Exploits: 0, References: 1

CNVD
added 2023/01/18 12:00 a.m., 24 views

Apache Superset Access Control Error Vulnerability (CNVD-2023-05217)

An access control error vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, which stems from improper access controls and could be exploited by an unauthenticated attacker to access dashboard configuration metadata using the REST...

CVSS 5.3, AI score 4.5, EPSS 0.0324
Exploits: 0, References: 1

CNNVD
added 2023/01/16 12:00 a.m., 1 view

Apache Superset Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation. The vulnerability stems from a failure of the upload data form to properly render user input, which could be exploited by an attacker to cause a cross-sit...

CVSS 5.4, AI score 5.2, EPSS 0.00448
Exploits: 0, References: 2

Tenable Nessus
added 2022/11/13 12:00 a.m., 32 views

FreeBSD : Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (6f6c9420-6297-11ed-9ca2-6c3be5272acd)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6f6c9420-6297-11ed-9ca2-6c3be5272acd advisory. - Grafana is an open source observability and data visualization platform. Versions of Grafana for...

CVSS 7.5, AI score 7.9, EPSS 0.00378
Exploits: 0, References: 3

NVD
added 2022/10/26 7:15 p.m., 11 views

CVE-2022-39362

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9...

CVSS 8.8, EPSS 0.00422
Exploits: 0, References: 2

NVD
added 2022/10/26 7:15 p.m., 8 views

CVE-2022-39360

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9 single sign on SSO users were able to do password resets on Metabase, which could allow a user access without going through the SSO IdP. This issue is patched in versions...

CVSS 6.5, EPSS 0.00168
Exploits: 0, References: 2