CVE-2025-62421
- EPSS 0.02%
- Published 17.10.2025 17:11:14
- Last modified 24.10.2025 13:10:14
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a stored cross-site scripting vulnerability exists due to improper file upload validation and authentication bypass. The StaticResourceApi interface define...
CVE-2025-62422
- EPSS 0.04%
- Published 17.10.2025 17:11:06
- Last modified 24.10.2025 13:14:29
DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute a...
CVE-2025-58748
- EPSS 1.05%
- Published 15.09.2025 16:12:10
- Last modified 19.09.2025 19:31:28
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation (H2.java) does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafte...
CVE-2025-58046
- EPSS 1.08%
- Published 15.09.2025 16:04:10
- Last modified 19.09.2025 19:31:40
Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasou...
CVE-2025-58045
- EPSS 1.12%
- Published 15.09.2025 15:53:02
- Last modified 19.09.2025 19:34:04
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter i...
CVE-2025-57772
- EPSS 0.21%
- Published 25.08.2025 17:00:20
- Last modified 03.09.2025 13:41:43
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is an H2 JDBC RCE bypass in DataEase. If the JDBC URL meets criteria, the getJdbcUrl method is returned, which acts as the getter for the Jdb...
CVE-2025-57773
- EPSS 0.4%
- Published 25.08.2025 16:42:11
- Last modified 03.09.2025 13:43:01
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, ...
CVE-2025-53006
- EPSS 0.11%
- Published 02.07.2025 14:22:31
- Last modified 10.07.2025 15:16:32
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg...
CVE-2025-53005
- EPSS 0.14%
- Published 01.07.2025 00:33:53
- Last modified 16.07.2025 14:43:07
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could...
CVE-2025-53004
- EPSS 0.14%
- Published 30.06.2025 20:18:49
- Last modified 10.07.2025 13:42:12
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could t...