119 matches found
CVE-2025-48998
DataEase CVE-2025-48998: Affects DataEase prior to 2.10.6 where a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The issue has been fixed in v2.10.10; no public workarounds are documented. Connected...
CVE-2025-48998 Dataease MYSQL JDBC File Reading Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. ...
PT-2025-23669 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.10 Description: A bypass of the patch for a previous issue exists, allowing for the construction of a malicious JDBC statement. In a malicious payload, the getUrlType function retrieves the hostName. Since the...
PT-2025-23670 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.10 Description: The issue concerns ineffective secret verification in DataEase, allowing a user to forge a JWT token using any secret. This could potentially lead to unauthorized access. The problem has been...
DataEase 安全漏洞
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 2.10.10 that stem...
CVE-2024-30269
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned. The vulnerability has...
CVE-2024-47073
DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions a the lack of signature verification of jwt tokens allows attackers to forge jwts which then allow access to any interface. The...
CVE-2024-55953
DataEase is an open source business analytics tool. Authenticated users can read and deserialize arbitrary files through the background JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. This vulnerability has been fixed in v1.18.27. Users are advised ...
CVE-2024-52295
DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge jwt and take over services. The JWT secret is hardcoded in the code, and the UID and OID are hardcoded. The vulnerability has been fixed in v2.10.2...
CVE-2023-28437
Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds...
CVE-2023-35164
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version...
CVE-2023-33963
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from...
CVE-2023-32310
DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references IDOR. This could result in a user deleting another user's dashboard or messages or interfering with the...
CVE-2023-40183
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the ImageIO.read method to determine whether the file is an image file or not. There is no whitelisting...
CVE-2022-34114
Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId...
CVE-2022-34115
DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId...
CVE-2021-38239
SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sysmsg/list/1/10...
CVE-2025-46566
DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9...
CVE-2025-46566 Dataease redshift JDBC Connection Remote Code Execution
DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9...
DataEase 安全漏洞
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insights into business trends for business improvement and optimization. A security vulnerability exists in versions prior to DataEase 2.10.9 , which...