702 matches found

OSV
added 2023/06/26 8:11 p.m. · 18 views

CVE-2023-35168 DataEase has a privilege bypass vulnerability

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Affected versions of DataEase have a privilege bypass vulnerability where ordinary users can gain access to the user database. Exposed information includes md5 hashes of passwords,...

6.5 CVSS · 6.5 AI score · 0.00714 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2023/06/26 12:0 a.m. · 6 views

PT-2023-24893 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.8
Description: The issue allows unauthorized users to delete an application erroneously, which can lead to unintended data loss. This problem has been fixed in version 1.18.8.
Recommendations: For versions prio...

8.1 CVSS · 7.8 AI score · 0.00746 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2023/06/26 12:0 a.m. · 5 views

PT-2023-25179 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.8
Description: The issue allows ordinary users to bypass privileges and gain access to the user database, exposing sensitive information including md5 hashes of passwords, usernames, emails, and phone numbers...

6.5 CVSS · 6.5 AI score · 0.00714 EPSS
Exploits: 1 · References: 4

CNNVD
added 2023/06/26 12:0 a.m. · 4 views

DataEase Security Vulnerability

DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends to achieve business improvement and optimization. A security vulnerability exists in DataEase versions prior to 1.18.8, which stems from a privilege...

6.5 CVSS · 6.4 AI score · 0.00714 EPSS
Exploits: 1 · References: 3

CNNVD
added 2023/06/26 12:0 a.m. · 2 views

DataEase Security Vulnerability

DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 1.18.8, which stems from the possibility th...

8.1 CVSS · 7.6 AI score · 0.00746 EPSS
Exploits: 1 · References: 2

CNNVD
added 2023/06/26 12:0 a.m. · 5 views

DataEase Security Vulnerability

DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insights into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 1.18.8 that stems from a lack of...

6.5 CVSS · 6.4 AI score · 0.00445 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2023/06/26 12:0 a.m. · 6 views

PT-2023-25175 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.8
Description: The issue is related to a missing authorization check, allowing unauthorized users to manipulate a dashboard created by the administrator in an open source data visualization analysis tool...

6.5 CVSS · 6.2 AI score · 0.00445 EPSS
Exploits: 1 · References: 4

vulnersOsv
added 2023/06/02 5:9 p.m. · 5 views

io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.18.6), io.dataease:dataease-plugin-interface (>=1.0 <=1.18.6) +1 more potentially affected by CVE-2023-32310 via io.dataease:dataease-plugin-common (>=1.0 <=1.18.6)

io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.18.6 Source cves: CVE-2023-32310 Source advisory: OSV:GHSA-7HV6-GV38-78WJ...

8.1 CVSS · 7.2 AI score · 0.01014 EPSS
Exploits: 1

Github Security Blog
added 2023/06/02 5:9 p.m. · 44 views

DataEase API interface has IDOR vulnerability

Impact: The API interface for DataEase delete dashboard and delete system messages is vulnerable to IDOR. The interface to delete the dashboard:
1. Create two users: user1 and user2
2. User1 creates a dashboard named pan1
3. User2 creates a dashboard named pan2
4. Both user1 and user2 share their...

8.1 CVSS · 6.8 AI score · 0.01014 EPSS
Exploits: 1 · References: 6 · Affected Software: 1

OSV
added 2023/06/02 5:9 p.m. · 4 views

GHSA-7HV6-GV38-78WJ DataEase API interface has IDOR vulnerability

Impact: The API interface for DataEase delete dashboard and delete system messages is vulnerable to IDOR. The interface to delete the dashboard:
1. Create two users: user1 and user2
2. User1 creates a dashboard named pan1
3. User2 creates a dashboard named pan2
4. Both user1 and user2 share their...

8.1 CVSS · 6 AI score · 0.01014 EPSS
Exploits: 1 · References: 6

NVD
added 2023/06/01 4:15 p.m. · 19 views

CVE-2023-33963

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from...

9.8 CVSS · 9.8 AI score · 0.01344 EPSS
Exploits: 1 · References: 2

NVD
added 2023/06/01 4:15 p.m. · 15 views

CVE-2023-32310

DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references (IDOR). This could result in a user deleting another user's dashboard or messages or interfering with the...

8.1 CVSS · 8 AI score · 0.01014 EPSS
Exploits: 1 · References: 4

Prion
added 2023/06/01 4:15 p.m. · 19 views

Deserialization of untrusted data

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from...

7.5 CVSS · 9.6 AI score · 0.01344 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2023/06/01 3:9 p.m. · 31 views

CVE-2023-33963 DataEase data source has deserialization vulnerability

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from...

9.8 CVSS · 9.4 AI score · 0.01344 EPSS
Exploits: 1 · References: 4

Cvelist
added 2023/06/01 3:9 p.m. · 28 views

CVE-2023-33963 DataEase data source has deserialization vulnerability

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from...

9.8 CVSS · 9.9 AI score · 0.01344 EPSS
Exploits: 1 · References: 2

CVE
added 2023/06/01 3:9 p.m. · 48 views

CVE-2023-33963

DataEase (open source data visualization/analysis tool) contains a deserialization vulnerability in the DataEase datasource prior to version 1.18.7 that allows arbitrary code execution. The issue is fixed in v1.18.7; there are no known workarounds other than upgrading. CVSS metrics indicate a CRI...

9.8 CVSS · 9.8 AI score · 0.01344 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/06/01 3:9 p.m. · 6 views

CVE-2023-33963 DataEase data source has deserialization vulnerability

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from...

9.8 CVSS · 7.5 AI score · 0.01344 EPSS
Exploits: 1 · References: 2

Vulnrichment
added 2023/06/01 3:5 p.m. · 10 views

CVE-2023-32310 DataEase API interface has IDOR vulnerability

DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references (IDOR). This could result in a user deleting another user's dashboard or messages or interfering with the...

8.1 CVSS · 6.7 AI score · 0.01014 EPSS
Exploits: 1 · References: 4

Cvelist
added 2023/06/01 3:5 p.m. · 33 views

CVE-2023-32310 DataEase API interface has IDOR vulnerability

DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references (IDOR). This could result in a user deleting another user's dashboard or messages or interfering with the...

8.1 CVSS · 8.2 AI score · 0.01014 EPSS
Exploits: 1 · References: 4

CVE
added 2023/06/01 3:5 p.m. · 52 views

CVE-2023-32310

CVE-2023-32310 affects DataEase, where the API endpoints for deleting dashboards and deleting system messages are vulnerable to insecure direct object references (IDOR). The flaw could allow a user to delete another user’s dashboard or messages or interfere with marking messages read. Affected ve...

8.1 CVSS · 8 AI score · 0.01014 EPSS
Exploits: 1 · References: 4 · Affected Software: 1