PT-2025-27634 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.11. Description: DataEase is an open source business intelligence and data visualization tool. The issue lies in parameters like sslfactory and sslfactoryarg, which have similar functionality to socketfactory an...
PT-2025-23671
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.10. Description: DataEase is an open source business intelligence and data visualization tool. The issue arises from a flaw in the patch that allows it to be bypassed due to case insensitivity, as INIT and RUNSCRI...
PT-2025-18683 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.9. Description: DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete Remote Code Execution (RCE) through the backend JDBC link. This issue has been...
CVE-2025-27138 DataEase has an improper authentication vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known...
CVE-2024-47073 Dataease arbitrary interface access vulnerability
DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions, the lack of signature verification of JWT tokens allows attackers to forge JWTs, which then allow access to any interface. The...