4 matches found
CVE-2024-55952
DataEase is an open source business analytics tool. Authenticated users can remotely execute code through the backend JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. Constructing the host as...
CVE-2024-55952
creationtimestamp| type| source ---|---|--- 2024-12-18 18:52:16+00:00| seen| https://infosec.exchange/users/cve/statuses/113675333546421490 2024-12-18 21:13:33+00:00| seen| https://t.me/cvedetector/13233 2025-02-20 23:26:55+00:00| seen| Telegram/dRP6a6Ya1aIndRCDkvnfQabYrA4rAxqYlALU4rFX9zu7zMmb...
CVE-2024-55952
DataEase DataEase vulnerability CVE-2024-55952 allows authenticated users to execute code remotely via the backend JDBC connection by constructing an unsanitized JDBC URL. The host string example ip:5432/test/?socketFactory=org.springframework.context.support.ClassPathXmlApplicationContext&socket...
CVE-2024-55952 Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability
DataEase is an open source business analytics tool. Authenticated users can remotely execute code through the backend JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. Constructing the host as...