CVE-2025-53005 Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...

CVE-2025-53004

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...

CVE-2025-53004 Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...

CVE-2025-53004 Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...

CVE-2025-53004

DataEase (open source BI tool) prior to version 2.10.11 is affected by a bypass vulnerability in the Redshift Data Source JDBC Connection Parameters. The issue is triggered by the sslfactory and sslfactoryarg parameters, allowing bypass of security controls. A fix is available in version 2.10.11,...

CVE-2025-53004 Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...

PT-2025-27411 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.11 Description: DataEase is an open source business intelligence and data visualization tool. There is a bypass vulnerability in DataEase's Redshift Data Source JDBC Connection Parameters. The sslfactory and...

DataEase 授权问题漏洞

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. An authorization issue vulnerability exists in DataEase versions prior to 2.10....

DataEase 安全漏洞

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. DataEase version 2.10.11 before the existence of a security vulnerability , the...

PT-2025-27412 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.11 Description: DataEase is an open source business intelligence and data visualization tool. There is a bypass vulnerability in DataEase's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and...

CVE-2025-49003

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" becomes "S" when converted to uppercase. A threa...

CVE-2025-49003

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" becomes "S" when converted to uppercase. A threa...

CVE-2025-49003 Dataease H2 JDBC Connection Remote Code Execution

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" becomes "S" when converted to uppercase. A threa...

CVE-2025-49003 Dataease H2 JDBC Connection Remote Code Execution

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" becomes "S" when converted to uppercase. A threa...

CVE-2025-49003 Dataease H2 JDBC Connection Remote Code Execution

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" becomes "S" when converted to uppercase. A threa...

CVE-2025-49003

DataEase (H2) prior to version 2.10.11 is vulnerable to a Java character-conversion issue where certain characters (for example, ı -> I and ſ -> S) can be manipulated to trigger remote code execution. Affected component is the Java-based text/processing logic linked to the DataEase data vis...

PT-2025-27634 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.11 Description: DataEase is an open source business intelligence and data visualization tool. The issue lies in parameters like sslfactory and sslfactoryarg, which have similar functionality to socketfactory an...

PT-2025-26969 · Oracle +1 · Java +1

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.11 Description: The issue concerns a feature in Java where certain characters are converted to their uppercase equivalents, potentially allowing a threat actor to craft a message that exploits this character...

DataEase 安全漏洞

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 2.10.11, which...

CVE-2025-48999

DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, getUrlType retrieves hostName. Since the judgment statement returns false, it will not enter the if statement and will not ...