Dataease

Dataease

50 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-49001

  • EPSS 0.08%
  • Veröffentlicht 03.06.2025 20:33:48
  • Zuletzt bearbeitet 05.06.2025 14:07:47

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.1...

8.8

CVE-2025-48999

Exploit
  • EPSS 0.08%
  • Veröffentlicht 03.06.2025 20:31:13
  • Zuletzt bearbeitet 05.06.2025 14:07:58

DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, `getUrlType()` retrieves `hostName`. Since the judgment statement returns fa...

8.8

CVE-2025-48998

Exploit
  • EPSS 0.09%
  • Veröffentlicht 03.06.2025 18:27:43
  • Zuletzt bearbeitet 09.06.2025 15:13:08

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection....

9.8

CVE-2025-46566

Exploit
  • EPSS 0.04%
  • Veröffentlicht 01.05.2025 17:20:34
  • Zuletzt bearbeitet 28.05.2025 16:02:36

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9.

9.8

CVE-2025-32966

Exploit
  • EPSS 0.07%
  • Veröffentlicht 23.04.2025 15:21:50
  • Zuletzt bearbeitet 24.06.2025 16:36:21

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.8.

9.8

CVE-2025-27138

Exploit
  • EPSS 0.18%
  • Veröffentlicht 13.03.2025 17:15:37
  • Zuletzt bearbeitet 21.03.2025 15:22:28

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulner...

6.5

CVE-2025-27103

Exploit
  • EPSS 0.08%
  • Veröffentlicht 13.03.2025 17:15:36
  • Zuletzt bearbeitet 28.03.2025 19:55:11

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection...

6.5

CVE-2025-24974

Exploit
  • EPSS 0.11%
  • Veröffentlicht 13.03.2025 17:15:36
  • Zuletzt bearbeitet 21.03.2025 15:40:04

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. N...

9.8

CVE-2024-57707

Exploit
  • EPSS 0.26%
  • Veröffentlicht 07.02.2025 16:15:38
  • Zuletzt bearbeitet 28.03.2025 17:24:50

An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components.

9.8

CVE-2024-56511

Exploit
  • EPSS 0.36%
  • Veröffentlicht 10.01.2025 16:15:29
  • Zuletzt bearbeitet 20.02.2025 16:26:58

DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause the risk of unauthorized access. In the io.dataease....