CVE-2023-28637

8.0 HIGH

📋 TL;DR

CVE-2023-28637 is a remote code execution vulnerability in DataEase's AWS Redshift data source due to insufficient input sanitization. Attackers can execute arbitrary code on affected systems by injecting malicious data. This affects all DataEase users with AWS Redshift data sources configured.

💻 Affected Systems

Products:
  • DataEase
Versions: All versions before v1.18.5
Operating Systems: All platforms running DataEase
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using AWS Redshift as a data source. Other data sources are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise, allowing an attacker to execute arbitrary commands, access sensitive data, and pivot to other systems.

🟠 Likely Case: Data breach through unauthorized database access and potential lateral movement within the network.

🟢 If Mitigated: Limited impact with proper network segmentation and minimal user privileges.

🌐 Internet-Facing: HIGH - DataEase instances exposed to the internet are directly vulnerable to remote exploitation.
🏢 Internal Only: MEDIUM - Internal attackers or compromised accounts could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user access to modify data in DataEase. The advisory suggests RCE is possible through data injection.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.18.5

Vendor Advisory: https://github.com/dataease/dataease/security/advisories/GHSA-8wg2-9gwc-5fx2

Restart Required: Yes

Instructions:

1. Back up your DataEase instance and data.
2. Download v1.18.5 or later from official sources.
3. Stop the DataEase service.
4. Replace with patched version.
5. Restart the service.
6. Verify functionality.

🔧 Temporary Workarounds

Disable AWS Redshift Data Source (Platforms: all)

Temporarily disable or remove AWS Redshift data source configurations until patching is complete.

# Remove Redshift data source connections from DataEase configuration

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate DataEase instances from critical systems
  • Apply principle of least privilege to DataEase user accounts and monitor for suspicious data modification

🔍 How to Verify

Check if Vulnerable:

Check DataEase version and verify if AWS Redshift data sources are configured. Versions below 1.18.5 with Redshift connections are vulnerable.

Check Version:

Check DataEase web interface admin panel or deployment configuration files for version information

Verify Fix Applied:

Confirm version is 1.18.5 or higher and test Redshift data source functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual data modification patterns in Redshift data sources
  • Unexpected process execution from DataEase service

Network Indicators:

  • Suspicious outbound connections from DataEase server
  • Unexpected database queries to Redshift

SIEM Query:

source="dataease" AND (event="data_modification" OR event="external_connection") AND resource="redshift"
