Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2025/09/15 4:4 p.m.3 views

CVE-2025-58046 Dataease has a JDBC attack vulnerability in the Impala datasource

Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct...

8.7CVSS8.2AI score0.01303EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/09/15 3:53 p.m.12 views

CVE-2025-58045 Dataease server-side request forgery via unfiltered DB2 JDBC ldap parameter

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter in the DB2 JDBC connection string was not...

7.1CVSS0.00646EPSS
Exploits1References2
CVE
CVE
added 2025/09/15 3:53 p.m.24 views

CVE-2025-58045

DataEase (DataEase Open Source) contains a JDBC URL injection vulnerability affecting DB2 and MongoDB data source configuration handlers. In versions up to 2.10.13, when extraParams is empty, the HOSTNAME, PORT, and DATABASE values are concatenated into the JDBC URL without filtering illegal para...

9.8CVSS7.6AI score0.00646EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/15 12:0 a.m.4 views

PT-2025-37720

Name of the Vulnerable Software and Affected Versions: Dataease versions prior to 2.10.13 Dataease versions 2.10.12 and earlier Description: Dataease is a data visualization and analysis platform. Versions up to and including 2.10.12 are susceptible to remote code execution through the Impala dat...

9.8CVSS8.2AI score0.01303EPSS
Exploits1References8
Rows per page
Query Builder