Lucene search
K

5 matches found

Cvelist
Cvelist
added 2025/10/17 5:11 p.m.13 views

CVE-2025-62419 DataEase vulnerable to JDBC URL injection in DB2 and MongoDB data source configuration

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC URL injection vulnerability exists in the DB2 and MongoDB data source configuration handlers. In the DB2 data source handler, when the extraParams field is empty, the HOSTNAME, PORT, and DATABASE...

8.2CVSS0.00393EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/17 5:11 p.m.6 views

CVE-2025-62419 DataEase vulnerable to JDBC URL injection in DB2 and MongoDB data source configuration

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC URL injection vulnerability exists in the DB2 and MongoDB data source configuration handlers. In the DB2 data source handler, when the extraParams field is empty, the HOSTNAME, PORT, and DATABASE...

8.2CVSS6.8AI score0.00393EPSS
Exploits0References2
OSV
OSV
added 2025/10/17 5:11 p.m.6 views

CVE-2025-62420 DataEase vulnerable to remote code execution via H2 JDBC driver bypass

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but returns a separate jdbc field as the actual...

8.2CVSS8AI score0.00915EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/09/15 4:12 p.m.11 views

CVE-2025-58748 Dataease H2 data source JDBC URL validation bypass leads to remote code execution

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...

8.7CVSS0.00758EPSS
Exploits1References2
CVE
CVE
added 2025/09/15 4:12 p.m.24 views

CVE-2025-58748

CVE-2025-58748 affects DataEase up to version 2.10.12, where the H2 data source (H2.java) does not validate that a JDBC URL starts with jdbc:h2 . This enables a crafted configuration to substitute the Amazon Redshift driver and leverage socketFactory/socketFactoryArg to trigger a remote XML resou...

9.8CVSS7.4AI score0.00758EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder