Dataease

Dataease

50 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-58748

Exploit
  • EPSS 0.34%
  • Published 15.09.2025 16:12:10
  • Last modified 19.09.2025 19:31:28

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation (H2.java) does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafte...

9.8

CVE-2025-58046

Exploit
  • EPSS 0.2%
  • Published 15.09.2025 16:04:10
  • Last modified 19.09.2025 19:31:40

Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasou...

9.8

CVE-2025-58045

Exploit
  • EPSS 0.52%
  • Published 15.09.2025 15:53:02
  • Last modified 19.09.2025 19:34:04

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter i...

9.8

CVE-2025-57772

Exploit
  • EPSS 0.09%
  • Published 25.08.2025 17:00:20
  • Last modified 03.09.2025 13:41:43

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is a H2 JDBC RCE bypass in DataEase. If the JDBC URL meets criteria, the getJdbcUrl method is returned, which acts as the getter for the Jdb...

9.8

CVE-2025-57773

Exploit
  • EPSS 0.1%
  • Published 25.08.2025 16:42:11
  • Last modified 03.09.2025 13:43:01

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, ...

9.8

CVE-2025-53006

Exploit
  • EPSS 0.12%
  • Published 02.07.2025 14:22:31
  • Last modified 10.07.2025 15:16:32

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg...

9.8

CVE-2025-53005

Exploit
  • EPSS 0.09%
  • Published 01.07.2025 00:33:53
  • Last modified 16.07.2025 14:43:07

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could...

9.8

CVE-2025-53004

Exploit
  • EPSS 0.09%
  • Published 30.06.2025 20:18:49
  • Last modified 10.07.2025 13:42:12

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could t...

9.8

CVE-2025-49003

Exploit
  • EPSS 0.34%
  • Published 26.06.2025 13:51:44
  • Last modified 09.07.2025 18:47:27

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" b...

9.8

CVE-2025-49002

Exploit
  • EPSS 0.12%
  • Published 03.06.2025 20:37:40
  • Last modified 05.06.2025 14:07:36

DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are ...