Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/08/30 6:17 p.m.7 views

CVE-2025-57773

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, writing to various files. This vulnerability...

9.8CVSS7.2AI score0.07306EPSS
Exploits1References1
NVD
NVD
added 2025/08/25 5:15 p.m.6 views

CVE-2025-57773

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, writing to various files. This vulnerability...

9.8CVSS0.07306EPSS
Exploits1References2
CVE
CVE
added 2025/08/25 4:42 p.m.33 views

CVE-2025-57773

CVE-2025-57773 affects DataEase prior to version 2.10.12, where unfiltered DB2 parameters enable a JNDI injection that triggers an AspectJWeaver deserialization attack, writing to files. The exploitation requires the presence of commons-collections 4.x and aspectjweaver-1.9.22.jar. The vulnerabil...

9.8CVSS6.7AI score0.07306EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/25 12:0 a.m.6 views

PT-2025-34683

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.12 Description: DataEase is an open source business intelligence and data visualization tool. Due to insufficient filtering of DB2 parameters, a JNDI injection attack can be launched, triggering an AspectJWeave...

9.8CVSS6.7AI score0.07306EPSS
Exploits1References12
Rows per page
Query Builder