Dataease

Dataease

50 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-49001

  • EPSS 0.08%
  • Published 03.06.2025 20:33:48
  • Last modified 05.06.2025 14:07:47

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.1...

8.8

CVE-2025-48999

Exploit
  • EPSS 0.08%
  • Published 03.06.2025 20:31:13
  • Last modified 05.06.2025 14:07:58

DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, `getUrlType()` retrieves `hostName`. Since the judgment statement returns fa...

8.8

CVE-2025-48998

Exploit
  • EPSS 0.09%
  • Published 03.06.2025 18:27:43
  • Last modified 09.06.2025 15:13:08

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection....

9.8

CVE-2025-46566

Exploit
  • EPSS 0.04%
  • Published 01.05.2025 17:20:34
  • Last modified 28.05.2025 16:02:36

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9.

9.8

CVE-2025-32966

Exploit
  • EPSS 0.07%
  • Published 23.04.2025 15:21:50
  • Last modified 24.06.2025 16:36:21

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.8.

9.8

CVE-2025-27138

Exploit
  • EPSS 0.18%
  • Published 13.03.2025 17:15:37
  • Last modified 21.03.2025 15:22:28

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulner...

6.5

CVE-2025-27103

Exploit
  • EPSS 0.08%
  • Published 13.03.2025 17:15:36
  • Last modified 28.03.2025 19:55:11

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection...

6.5

CVE-2025-24974

Exploit
  • EPSS 0.11%
  • Published 13.03.2025 17:15:36
  • Last modified 21.03.2025 15:40:04

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. N...

9.8

CVE-2024-57707

Exploit
  • EPSS 0.26%
  • Published 07.02.2025 16:15:38
  • Last modified 28.03.2025 17:24:50

An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components.

9.8

CVE-2024-56511

Exploit
  • EPSS 0.36%
  • Published 10.01.2025 16:15:29
  • Last modified 20.02.2025 16:26:58

DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause the risk of unauthorized access. In the io.dataease....