702 matches found
CVE-2025-57773 Dataease DB2 Aspectweaver Deserialization Arbitrary File Write Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, writing to various files. This vulnerability...
PT-2025-34683
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.12 Description: DataEase is an open source business intelligence and data visualization tool. Due to insufficient filtering of DB2 parameters, a JNDI injection attack can be launched, triggering an AspectJWeave...
PT-2025-34686 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.12 Description: DataEase is an open-source business intelligence and data visualization tool. Prior to version 2.10.12, a H2 JDBC Remote Code Execution RCE bypass exists. If the JDBC URL meets specific criteria...
DataEase 安全漏洞
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. DataEase version before 2.10.12 has a security vulnerability , the vulnerabilit...
DataEase 代码注入漏洞
DataEase is an open source data visualization and analysis tool from DataEase Open Source. Used to help users quickly analyze data and insight into business trends , so as to achieve business improvement and optimization . A code injection vulnerability exists in DataEase versions prior to 2.10.1...
The vulnerability of the Dataease database management system, related to improper elimination of surrogate characters, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Dataease database management system is related to the improper elimination of surrogate characters when connecting to PostgreSQL and Redshift databases. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the...
CVE-2025-53006
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference li...
Logic flaw vulnerability in DataEase of Hangzhou Feizhiyun Information Technology Co. Ltd (CNVD-2025-19437)
DataEase is open source data visualization and analysis tools. DataEase by Hangzhou Feizhiyun Information Technology Co. Ltd. has a logic flaw vulnerability that can be exploited by attackers to bypass authentication...
CVE-2025-53005
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...
CVE-2025-53004
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...
CVE-2025-53006
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference li...
CVE-2025-53006 Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference li...
CVE-2025-53006
DataEase before version 2.10.11 vulnerable due to improper handling of SSL-related JDBC connection parameters (sslfactory, sslfactoryarg, sslhostnameverifier, sslpasswordcallback, authenticationPluginClassName) which must be triggered after the connection is established. This affects PostgreSQL a...
CVE-2025-53006 Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference li...
CVE-2025-53006 Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference li...
DataEase 安全漏洞
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 2.10.11 that stem...
CVE-2025-53005
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...
CVE-2025-53005 Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...
CVE-2025-53005 Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...
CVE-2025-53005 Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...