Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dataease dataease vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-37258
DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, DataEase has a SQL injection vulnerability that can bypass blacklists. The vulnerability has been fixed in v1.18.9. There are no known workarounds.
Dataease Dataease
9.8
CVSSv3
CVE-2023-33963
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workaroun...
Dataease Dataease
9.8
CVSSv3
CVE-2023-28437
Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds.
Dataease Dataease
9.8
CVSSv3
CVE-2022-39312
Dataease is an open source data visualization analysis tool. Dataease before 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In `ba...
Dataease Dataease
1 Github repository
9.8
CVSSv3
CVE-2022-34115
DataEase v1.11.1 exists to contain a arbitrary file write vulnerability via the parameter dataSourceId.
Dataease Project Dataease 1.11.1
9.8
CVSSv3
CVE-2022-34113
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows malicious users to execute arbitrary code via a crafted plugin.
Dataease Dataease 1.11.1
8.8
CVSSv3
CVE-2023-28637
DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution....
Dataease Dataease
8.8
CVSSv3
CVE-2022-34114
Dataease v1.11.1 exists to contain a SQL injection vulnerability via the parameter dataSourceId.
Dataease Project Dataease 1.11.1
8.8
CVSSv3
CVE-2022-23331
In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password.
Dataease Dataease 1.6.1
8.1
CVSSv3
CVE-2023-34463
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions Unauthorized users can delete an application erroneously. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. The...
Dataease Dataease
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-25525
CVE-2024-4652
CVE-2024-1438
CVE-2024-4671
CVE-2024-34351
arbitrary
CVE-2024-4650
SQL injection
overflow
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »