
702 matches found

CVE
added 2022/07/22 10:17 p.m. · 435 views

CVE-2022-34112

CVE-2022-34112 describes an access-control flaw in DataEase v1.11.1 where non-admin users can arbitrarily uninstall the plugin via /api/plugin/uninstall. The issue’s root cause is improper permission checks on the uninstall endpoint, enabling privilege escalation to perform a destructive action. ...

CVSS 6.5 · AI score 6.3 · EPSS 0.00524
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2022/07/22 10:17 p.m. · 27 views

CVE-2022-34112

An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator...

AI score 6.6 · EPSS 0.00524
Exploits: 1 · References: 1

CVE
added 2022/07/22 10:17 p.m. · 79 views

CVE-2022-34114

Dataease v1.11.1 contains a SQL injection vulnerability in the dataSourceId parameter (SQL injection via /dataset/table/sqlPreview). CVSSv3.1 base score 8.8 (HIGH) with NETWORK attack vector, low complexity, privileges required LOW, no user interaction. Public references (NVD entry, Red Hat advis...

CVSS 8.8 · AI score 9 · EPSS 0.00779
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2022/07/22 10:17 p.m. · 24 views

CVE-2022-34113

An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin...

AI score 9.8 · EPSS 0.01087
Exploits: 1 · References: 1

CVE
added 2022/07/22 10:17 p.m. · 428 views

CVE-2022-34113

CVE-2022-34113 affects DataEase v1.11.1, where the vulnerable component is the /api/plugin/upload endpoint. A crafted plugin can lead to arbitrary code execution on the server due to improper handling in the upload workflow. Remediation: upgrade to DataEase v1.11.2, which contains a patch address...

CVSS 9.8 · AI score 9.5 · EPSS 0.01087
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2022/07/22 10:16 p.m. · 27 views

CVE-2022-34115

DataEase v1.11.1 was discovered to contain an arbitrary file write vulnerability via the parameter dataSourceId...

AI score 9.8 · EPSS 0.00977
Exploits: 1 · References: 2

CVE
added 2022/07/22 10:16 p.m. · 78 views

CVE-2022-34115

DataEase v1.11.1 is affected by a SQL injection vulnerability via the dataSourceId parameter. The issue is tracked as CVE-2022-34115; it is reported as critical (CVSS 3.1: 9.8, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A fix is available in v1.11.2. The connected sources also reference advisories and...

CVSS 9.8 · AI score 9.6 · EPSS 0.00977
Exploits: 1 · References: 2 · Affected Software: 1

CNNVD
added 2022/07/22 12:00 a.m. · 3 views

DataEase Security Vulnerability

DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. DataEase v1.11.1 has a security vulnerability; the vulnerability stems from the plug-in...

CVSS 9.8 · AI score 8.7 · EPSS 0.01087
Exploits: 1 · References: 2

CNNVD
added 2022/07/22 12:00 a.m. · 4 views

DataEase Security Vulnerability

DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. DataEase v1.11.1 has a security vulnerability; the vulnerability stems from the plug-in...

CVSS 6.5 · AI score 6.5 · EPSS 0.00524
Exploits: 1 · References: 2

CNNVD
added 2022/07/22 12:00 a.m. · 4 views

DataEase SQL Injection Vulnerability

DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends to achieve business improvement and optimization. A SQL injection vulnerability exists in DataEase v1.11.1; the vulnerability stems from ordinary rights...

CVSS 8.8 · AI score 8.1 · EPSS 0.00779
Exploits: 1 · References: 2

CNNVD
added 2022/07/22 12:00 a.m. · 3 views

DataEase Code Issue Vulnerability

DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. DataEase v1.11.1 has a code issue vulnerability; the vulnerability stems from the existence of...

CVSS 9.8 · AI score 8.9 · EPSS 0.00977
Exploits: 1 · References: 3

Positive Technologies
added 2022/07/22 12:00 a.m. · 5 views

PT-2022-22013 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase version 1.11.1 Description: The issue is related to a SQL injection vulnerability. It occurs via the parameter dataSourceId. There is no information about the estimated number of potentially affected devices worldwide or real-world...

CVSS 9.8 · AI score 9.5 · EPSS 0.00977
Exploits: 1 · References: 10

Positive Technologies
added 2022/07/22 12:00 a.m. · 4 views

PT-2022-22011 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: Dataease version 1.11.1 Description: An issue in the component "/api/plugin/upload" of Dataease allows attackers to execute arbitrary code via a crafted plugin. Recommendations: For Dataease version 1.11.1, update to version 1.11.2 to resolve...

CVSS 9.8 · AI score 9.5 · EPSS 0.01087
Exploits: 1 · References: 9

CNVD
added 2022/02/14 12:00 a.m. · 20 views

DataEase Access Control Error Vulnerability

DataEase is an open source data visualization and analysis tool. An access control error vulnerability exists in DataEase, which stems from the fact that the product allows authorized users to access all user information and change administrator passwords. No details of the vulnerability are...

CVSS 8.8 · AI score 4.3 · EPSS 0.01175
Exploits: 1 · References: 1

OSV
added 2022/02/08 1:15 p.m. · 13 views

CVE-2022-23331

In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password...

CVSS 8.8 · AI score 6.6
Exploits: 0 · References: 1

NVD
added 2022/02/08 1:15 p.m. · 21 views

CVE-2022-23331

In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password...

CVSS 8.8 · EPSS 0.01175
Exploits: 1 · References: 1

ATTACKERKB
added 2022/02/08 1:15 p.m. · 4 views

CVE-2022-23331

In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password...

CVSS 8.8 · AI score 7.3 · EPSS 0.01175
Exploits: 1 · References: 2

Prion
added 2022/02/08 1:15 p.m. · 19 views

Default credentials

In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password...

CVSS 6.5 · AI score 8.4 · EPSS 0.01175
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2022/02/08 12:29 p.m. · 18 views

CVE-2022-23331

In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password...

AI score 8.8 · EPSS 0.01175
Exploits: 1 · References: 1

CVE
added 2022/02/08 12:29 p.m. · 57 views

CVE-2022-23331

Summary: DataEase v1.6.1 contains an access-control vulnerability that allows an authenticated user to access all user information and to change the administrator password. The issue is described as an access control error in DataEase; no details about a patch are provided in the connected docume...

CVSS 8.8 · AI score 8.5 · EPSS 0.01175
Exploits: 1 · References: 1 · Affected Software: 1