702 matches found
CVE-2022-34112
CVE-2022-34112 describes an access-control flaw in DataEase v1.11.1 where non-admin users can arbitrarily uninstall the plugin via /api/plugin/uninstall. The issue’s root cause is improper permission checks on the uninstall endpoint, enabling privilege escalation to perform a destructive action. ...
CVE-2022-34112
An access control issue in the component /api/plugin/uninstall of Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator...
CVE-2022-34114
Dataease v1.11.1 contains a SQL injection vulnerability in the dataSourceId parameter (SQL injection via /dataset/table/sqlPreview). CVSSv3.1 base score 8.8 (HIGH) with NETWORK attack vector, low complexity, privileges required LOW, no user interaction. Public references (NVD entry, Red Hat advis...
CVE-2022-34113
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin...
CVE-2022-34113
CVE-2022-34113 affects DataEase v1.11.1, where the vulnerable component is the /api/plugin/upload endpoint. A crafted plugin can lead to arbitrary code execution on the server due to improper handling in the upload workflow. Remediation: upgrade to DataEase v1.11.2, which contains a patch address...
CVE-2022-34115
DataEase v1.11.1 was discovered to contain an arbitrary file write vulnerability via the parameter dataSourceId...
CVE-2022-34115
DataEase v1.11.1 is affected by a SQL injection vulnerability via the dataSourceId parameter. The issue is tracked as CVE-2022-34115; it is reported as critical (CVSS 3.1: 9.8, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A fix is available in v1.11.2. The connected sources also reference advisories and...
DataEase Security Vulnerability
DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. DataEase v1.11.1 has a security vulnerability; the vulnerability stems from the plug-in...
DataEase Security Vulnerability
DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. DataEase v1.11.1 has a security vulnerability; the vulnerability stems from the plug-in...
DataEase SQL Injection Vulnerability
DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends to achieve business improvement and optimization. A SQL injection vulnerability exists in DataEase v1.11.1; the vulnerability stems from ordinary rights...
DataEase Code Issue Vulnerability
DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. DataEase v1.11.1 has a code issue vulnerability; the vulnerability stems from the existence of...
PT-2022-22013 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase version 1.11.1 Description: The issue is related to a SQL injection vulnerability. It occurs via the parameter dataSourceId. There is no information about the estimated number of potentially affected devices worldwide or real-world...
PT-2022-22011 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: Dataease version 1.11.1 Description: An issue in the component "/api/plugin/upload" of Dataease allows attackers to execute arbitrary code via a crafted plugin. Recommendations: For Dataease version 1.11.1, update to version 1.11.2 to resolve...
DataEase Access Control Error Vulnerability
DataEase is an open source data visualization and analysis tool. An access control error vulnerability exists in DataEase, which stems from the fact that the product allows authorized users to access all user information and change administrator passwords. No details of the vulnerability are...
CVE-2022-23331
In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password...
Default credentials
In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password...
CVE-2022-23331
Summary: DataEase v1.6.1 contains an access-control vulnerability that allows an authenticated user to access all user information and to change the administrator password. The issue is described as an access control error in DataEase; no details about a patch are provided in the connected docume...