Dataease

Dataease

62 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-49003

Exploit
  • EPSS 0.82%
  • Veröffentlicht 26.06.2025 13:51:44
  • Zuletzt bearbeitet 09.07.2025 18:47:27

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" b...

9.8

CVE-2025-49002

Exploit
  • EPSS 0.15%
  • Veröffentlicht 03.06.2025 20:37:40
  • Zuletzt bearbeitet 05.06.2025 14:07:36

DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are ...

9.8

CVE-2025-49001

  • EPSS 0.13%
  • Veröffentlicht 03.06.2025 20:33:48
  • Zuletzt bearbeitet 05.06.2025 14:07:47

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.1...

8.8

CVE-2025-48999

Exploit
  • EPSS 0.07%
  • Veröffentlicht 03.06.2025 20:31:13
  • Zuletzt bearbeitet 05.06.2025 14:07:58

DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, `getUrlType()` retrieves `hostName`. Since the judgment statement returns fa...

8.8

CVE-2025-48998

Exploit
  • EPSS 0.21%
  • Veröffentlicht 03.06.2025 18:27:43
  • Zuletzt bearbeitet 09.06.2025 15:13:08

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection....

9.8

CVE-2025-46566

Exploit
  • EPSS 0.3%
  • Veröffentlicht 01.05.2025 17:20:34
  • Zuletzt bearbeitet 28.05.2025 16:02:36

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9.

9.8

CVE-2025-32966

Exploit
  • EPSS 0.38%
  • Veröffentlicht 23.04.2025 15:21:50
  • Zuletzt bearbeitet 24.06.2025 16:36:21

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.8.

9.8

CVE-2025-27138

Exploit
  • EPSS 0.23%
  • Veröffentlicht 13.03.2025 17:15:37
  • Zuletzt bearbeitet 21.03.2025 15:22:28

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulner...

6.5

CVE-2025-27103

Exploit
  • EPSS 0.21%
  • Veröffentlicht 13.03.2025 17:15:36
  • Zuletzt bearbeitet 28.03.2025 19:55:11

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection...

6.5

CVE-2025-24974

Exploit
  • EPSS 0.4%
  • Veröffentlicht 13.03.2025 17:15:36
  • Zuletzt bearbeitet 21.03.2025 15:40:04

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. N...