Dataease

Dataease

57 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-46566

Exploit
  • EPSS 0.05%
  • Veröffentlicht 01.05.2025 17:20:34
  • Zuletzt bearbeitet 28.05.2025 16:02:36

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9.

9.8

CVE-2025-32966

Exploit
  • EPSS 0.07%
  • Veröffentlicht 23.04.2025 15:21:50
  • Zuletzt bearbeitet 24.06.2025 16:36:21

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.8.

9.8

CVE-2025-27138

Exploit
  • EPSS 0.19%
  • Veröffentlicht 13.03.2025 17:15:37
  • Zuletzt bearbeitet 21.03.2025 15:22:28

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulner...

6.5

CVE-2025-27103

Exploit
  • EPSS 0.15%
  • Veröffentlicht 13.03.2025 17:15:36
  • Zuletzt bearbeitet 28.03.2025 19:55:11

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection...

6.5

CVE-2025-24974

Exploit
  • EPSS 0.29%
  • Veröffentlicht 13.03.2025 17:15:36
  • Zuletzt bearbeitet 21.03.2025 15:40:04

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. N...

9.8

CVE-2024-57707

Exploit
  • EPSS 0.42%
  • Veröffentlicht 07.02.2025 16:15:38
  • Zuletzt bearbeitet 28.03.2025 17:24:50

An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components.

9.8

CVE-2024-56511

Exploit
  • EPSS 0.43%
  • Veröffentlicht 10.01.2025 16:15:29
  • Zuletzt bearbeitet 20.02.2025 16:26:58

DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause the risk of unauthorized access. In the io.dataease....

8.1

CVE-2024-55953

Exploit
  • EPSS 1.02%
  • Veröffentlicht 18.12.2024 19:15:12
  • Zuletzt bearbeitet 20.02.2025 16:25:07

DataEase is an open source business analytics tool. Authenticated users can read and deserialize arbitrary files through the background JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. This vulnerability...

8.8

CVE-2024-55952

Exploit
  • EPSS 1.03%
  • Veröffentlicht 18.12.2024 19:15:11
  • Zuletzt bearbeitet 20.02.2025 16:22:50

DataEase is an open source business analytics tool. Authenticated users can remotely execute code through the backend JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. Constructing the host as ip:5432/tes...

9.8

CVE-2024-52295

Exploit
  • EPSS 0.62%
  • Veröffentlicht 13.11.2024 16:15:19
  • Zuletzt bearbeitet 20.02.2025 16:21:26

DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge jwt and take over services. The JWT secret is hardcoded in the code, and the UID and OID are hardcoded. The vulnerability has been fixed ...