Lucene search
+L

119 matches found

CVE
CVE
added 2025/06/03 6:27 p.m.68 views

CVE-2025-48998

DataEase CVE-2025-48998: Affects DataEase prior to 2.10.6 where a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The issue has been fixed in v2.10.10; no public workarounds are documented. Connected...

8.8CVSS6.3AI score0.00439EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/06/03 6:27 p.m.6 views

CVE-2025-48998 Dataease MYSQL JDBC File Reading Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. ...

8.6CVSS6.5AI score0.00439EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/06/03 12:0 a.m.7 views

PT-2025-23669 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.10 Description: A bypass of the patch for a previous issue exists, allowing for the construction of a malicious JDBC statement. In a malicious payload, the getUrlType function retrieves the hostName. Since the...

8.8CVSS6.3AI score0.06786EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2025/06/03 12:0 a.m.11 views

PT-2025-23670 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.10 Description: The issue concerns ineffective secret verification in DataEase, allowing a user to forge a JWT token using any secret. This could potentially lead to unauthorized access. The problem has been...

9.8CVSS6AI score0.21265EPSS
Exploits0References11
CNNVD
CNNVD
added 2025/06/03 12:0 a.m.3 views

DataEase 安全漏洞

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 2.10.10 that stem...

8.8CVSS6.5AI score0.06786EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 10:9 a.m.4 views

CVE-2024-30269

DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned. The vulnerability has...

5.3CVSS6.4AI score0.16EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:0 a.m.14 views

CVE-2024-47073

DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions a the lack of signature verification of jwt tokens allows attackers to forge jwts which then allow access to any interface. The...

9.3CVSS7.3AI score0.01223EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:41 a.m.12 views

CVE-2024-55953

DataEase is an open source business analytics tool. Authenticated users can read and deserialize arbitrary files through the background JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. This vulnerability has been fixed in v1.18.27. Users are advised ...

8.6CVSS6.4AI score0.01053EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:32 a.m.18 views

CVE-2024-52295

DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge jwt and take over services. The JWT secret is hardcoded in the code, and the UID and OID are hardcoded. The vulnerability has been fixed in v2.10.2...

9.8CVSS6.8AI score0.00833EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:51 a.m.9 views

CVE-2023-28437

Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds...

9.8CVSS8AI score0.00882EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:57 a.m.12 views

CVE-2023-35164

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version...

6.5CVSS6.8AI score0.00445EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:54 a.m.7 views

CVE-2023-33963

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from...

9.8CVSS7.5AI score0.01344EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:48 a.m.8 views

CVE-2023-32310

DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references IDOR. This could result in a user deleting another user's dashboard or messages or interfering with the...

8.1CVSS6.7AI score0.01014EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:32 a.m.11 views

CVE-2023-40183

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the ImageIO.read method to determine whether the file is an image file or not. There is no whitelisting...

7.5CVSS6.8AI score0.00636EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:23 a.m.8 views

CVE-2022-34114

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId...

8.8CVSS8.2AI score0.00779EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:3 p.m.6 views

CVE-2022-34115

DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId...

9.8CVSS7.5AI score0.00977EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:8 p.m.14 views

CVE-2021-38239

SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sysmsg/list/1/10...

7.5CVSS7.8AI score0.00692EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/03 6:6 p.m.27 views

CVE-2025-46566

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9...

9.8CVSS7AI score0.00615EPSS
Exploits1References1
OSV
OSV
added 2025/05/01 5:20 p.m.8 views

CVE-2025-46566 Dataease redshift JDBC Connection Remote Code Execution

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9...

7.7CVSS6.4AI score0.00615EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/05/01 12:0 a.m.6 views

DataEase 安全漏洞

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insights into business trends for business improvement and optimization. A security vulnerability exists in versions prior to DataEase 2.10.9 , which...

9.8CVSS7.6AI score0.00615EPSS
Exploits1References1
Rows per page
Query Builder