Dataease

50 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

Exploit
  • EPSS 0.34%
  • Published 15.09.2025 16:12:10
  • Last modified 19.09.2025 19:31:28

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation (H2.java) does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafte...

Exploit
  • EPSS 0.2%
  • Published 15.09.2025 16:04:10
  • Last modified 19.09.2025 19:31:40

Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasou...

Exploit
  • EPSS 0.52%
  • Published 15.09.2025 15:53:02
  • Last modified 19.09.2025 19:34:04

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter i...

Exploit
  • EPSS 0.09%
  • Published 25.08.2025 17:00:20
  • Last modified 03.09.2025 13:41:43

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is an H2 JDBC RCE bypass in DataEase. If the JDBC URL meets criteria, the getJdbcUrl method is returned, which acts as the getter for the Jdb...

Exploit
  • EPSS 0.1%
  • Published 25.08.2025 16:42:11
  • Last modified 03.09.2025 13:43:01

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, ...

Exploit
  • EPSS 0.12%
  • Published 02.07.2025 14:22:31
  • Last modified 10.07.2025 15:16:32

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg...

Exploit
  • EPSS 0.09%
  • Published 01.07.2025 00:33:53
  • Last modified 16.07.2025 14:43:07

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could...

Exploit
  • EPSS 0.09%
  • Published 30.06.2025 20:18:49
  • Last modified 10.07.2025 13:42:12

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could t...

Exploit
  • EPSS 0.34%
  • Published 26.06.2025 13:51:44
  • Last modified 09.07.2025 18:47:27

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" b...

Exploit
  • EPSS 0.12%
  • Published 03.06.2025 20:37:40
  • Last modified 05.06.2025 14:07:36

DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allows the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are ...