15 matches found
CVE-2025-49003 Dataease H2 JDBC Connection Remote Code Execution
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" becomes "S" when converted to uppercase. A threa...
PT-2025-27634 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.11 Description: DataEase is an open source business intelligence and data visualization tool. The issue lies in parameters like sslfactory and sslfactoryarg, which have similar functionality to socketfactory an...
PT-2025-26969 · Oracle +1 · Java +1
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.11 Description: The issue concerns a feature in Java where certain characters are converted to their uppercase equivalents, potentially allowing a threat actor to craft a message that exploits this character...
PT-2025-23658 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.10 DataEase version 2.10.6 through 2.10.9 Description: The issue allows authenticated users to read and deserialize arbitrary files through the background JDBC connection due to a bypass of a previous patch...
PT-2025-23671
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.10 Description: DataEase is an open source business intelligence and data visualization tool. The issue arises from a flaw in the patch that allows it to be bypassed due to case insensitivity, as INIT and RUNSCRI...
PT-2025-18683 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.9 Description: DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete Remote Code Execution (RCE) through the backend JDBC link. This issue has been...
CVE-2025-27138 DataEase has an improper authentication vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known...
PT-2025-11211 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.6 Description: DataEase is an open source business intelligence and data visualization tool. A patch bypass issue allows authenticated users to read and deserialize arbitrary files through the background JDBC...
CVE-2024-47073 Dataease arbitrary interface access vulnerability
DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions, the lack of signature verification of JWT tokens allows attackers to forge JWTs, which then allow access to any interface. The...
PT-2024-32390 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.2 Description: The issue is related to the lack of signature verification of JWT tokens, which allows attackers to forge JWT tokens and gain access to any interface. There are no known workarounds for this issu...
PT-2024-23310 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.5.0 Description: The issue concerns a database configuration information exposure. Visiting the "/de2api/engine/getEngine;.js" API endpoint via a browser reveals the platform's database configuration. The estimate...
PT-2023-27633 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase version 1.18.9 Description: A SQL injection issue allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function. Recommendations: For DataEase version 1.18.9, at the moment, there is ...
PT-2023-25861 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.9 Description: DataEase is an open source data visualization analysis tool. It has a SQL injection vulnerability that can bypass blacklists. Recommendations: For versions prior to 1.18.9, update to version 1.18...
PT-2023-21865 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.5 Description: DataEase is an open source data visualization analysis tool where users can modify data, and data sources are expected to sanitize data properly. However, the AWS redshift data source does not...
PT-2023-21720 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.5 Description: DataEase is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. Recommendations: For versions prior to 1.18.5, update to version...