Lucene search
K

4 matches found

NVD
NVD
added 2025/07/01 1:15 a.m.11 views

CVE-2025-53005

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...

9.8CVSS0.00522EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/06/30 8:18 p.m.10 views

CVE-2025-53004 Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...

9.3CVSS0.00522EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/06/03 8:31 p.m.15 views

CVE-2025-48999 Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability

DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, getUrlType retrieves hostName. Since the judgment statement returns false, it will not enter the if statement and will not ...

7.7CVSS0.06278EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/10/25 12:0 a.m.8 views

CVE-2022-39312 Dataease Mysql Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability

Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In...

9.8CVSS9.8AI score0.01473EPSS
Exploits1References4
Rows per page
Query Builder