CVE-2023-33963

9.8 CRITICAL

📋 TL;DR

This CVE describes a deserialization vulnerability in DataEase, an open source data visualization tool, that allows remote attackers to execute arbitrary code on affected systems. All DataEase installations prior to version 1.18.7 are vulnerable. The vulnerability affects the datasource component and can be exploited without authentication.

💻 Affected Systems

Products:
  • DataEase
Versions: All versions prior to 1.18.7
Operating Systems: All platforms running DataEase
Default Config Vulnerable: ⚠️ Yes
Notes: All DataEase deployments with vulnerable versions are affected regardless of configuration.


⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with full remote code execution, allowing attackers to install malware, exfiltrate data, pivot to other systems, or establish persistent access.

🟠

Likely Case

Remote code execution leading to data theft, system takeover, or deployment of ransomware/cryptominers on vulnerable DataEase instances.

🟢

If Mitigated

Limited impact if proper network segmentation, least privilege, and monitoring are in place, though code execution would still be possible.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Deserialization vulnerabilities typically have low exploitation complexity once details are known. No public exploit code has been identified at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.18.7

Vendor Advisory: https://github.com/dataease/dataease/security/advisories/GHSA-m26j-gh4m-xh9f

Restart Required: Yes

Instructions:

1. Backup your DataEase configuration and data
2. Stop the DataEase service
3. Upgrade to version 1.18.7 or later using the official release
4. Restart the DataEase service
5. Verify the upgrade was successful

🧯 If You Can't Patch

  • Implement strict network access controls to limit DataEase exposure to only trusted networks
  • Deploy web application firewall (WAF) rules to detect and block deserialization attack patterns

🔍 How to Verify

Check if Vulnerable:

Check the DataEase version in the web interface or configuration files. If the version is below 1.18.7, the system is vulnerable.

Check Version:

Check the DataEase web interface admin panel or examine the application version in the deployment configuration.

Verify Fix Applied:

After upgrading, verify the version shows 1.18.7 or higher in the web interface or via the version check command.

📡 Detection & Monitoring

Log Indicators:

  • Unusual deserialization errors in application logs
  • Suspicious Java serialization payloads in request logs
  • Unexpected process execution from DataEase service account

Network Indicators:

  • Unusual outbound connections from DataEase server
  • Suspicious payloads in HTTP requests to DataEase datasource endpoints

SIEM Query:

Search for deserialization-related error messages in DataEase application logs combined with suspicious process creation events.
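As an added example (not part of this advisory and not DataEase project code), the following Python turns the log and network indicators above into a small scanner: it flags request-log lines carrying a Java serialized object (stream magic 0xACED0005, which is "rO0AB" in base64), flags application-log lines with deserialization exceptions, and raises a higher-severity alert when a serialized payload sent to a datasource endpoint is followed within a few lines by such an error. The access-log layout, the "access"/"app" source tags, and the assumption that datasource endpoints contain "datasource" in their path are all hypothetical; the sample log lines are constructed, and the base64 blob in them is only the stream header plus a java.util.HashMap class descriptor.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# A Java object stream starts with the magic bytes 0xACED0005. Base64-encoded
# (how it usually appears in HTTP bodies or parameters) that header is "rO0AB".
JAVA_SERIAL_B64 = "rO0AB"
JAVA_SERIAL_HEX = "aced0005"

# Exceptions typically logged when ObjectInputStream rejects or fails on
# untrusted input. Assumption: DataEase writes these to its application log.
DESER_ERROR_RE = re.compile(
    r"java\.io\.InvalidClassException|java\.io\.StreamCorruptedException|"
    r"java\.lang\.ClassNotFoundException|ObjectInputStream\.readObject"
)

# Hypothetical access-log shape:
#   <ts> <level> access <client-ip> "<METHOD> <path>" <status> body=<base64>
ACCESS_RE = re.compile(
    r'^(?P<ts>\S+)\s+\S+\s+access\s+(?P<ip>\S+)\s+"(?P<method>\S+)\s+(?P<path>\S+)"\s+(?P<status>\d{3})'
)


@dataclass
class Finding:
    line_no: int
    rule: str
    client_ip: str
    excerpt: str


def scan_line(line_no: int, line: str) -> List[Finding]:
    """Return zero or more findings for one log line."""
    findings: List[Finding] = []
    excerpt = line.strip()[:100]
    m = ACCESS_RE.match(line)
    ip = m.group("ip") if m else "-"
    has_serial = JAVA_SERIAL_B64 in line or JAVA_SERIAL_HEX in line.lower()
    if has_serial:
        # Assumption: the datasource component is served under a path containing "datasource".
        if m and "datasource" in m.group("path").lower():
            findings.append(Finding(line_no, "serialized-payload-to-datasource", ip, excerpt))
        else:
            findings.append(Finding(line_no, "serialized-payload", ip, excerpt))
    if DESER_ERROR_RE.search(line):
        findings.append(Finding(line_no, "deserialization-error", ip, excerpt))
    return findings


def scan_logs(lines: List[str]) -> List[Finding]:
    out: List[Finding] = []
    for n, line in enumerate(lines, start=1):
        out.extend(scan_line(n, line))
    return out


def correlate(findings: List[Finding], window: int = 3) -> List[str]:
    """Escalate when a serialized payload to a datasource endpoint is followed
    within `window` log lines by a deserialization error."""
    alerts: List[str] = []
    payloads = [f for f in findings if f.rule == "serialized-payload-to-datasource"]
    errors = [f for f in findings if f.rule == "deserialization-error"]
    for p in payloads:
        if any(0 <= e.line_no - p.line_no <= window for e in errors):
            alerts.append(
                f"possible CVE-2023-33963 exploitation attempt from {p.client_ip} (log line {p.line_no})"
            )
    return alerts


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule, e.g. for a SIEM dashboard tile."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample lines (not real DataEase logs). Line 1 carries a harmless
# base64 JSON body; line 2 carries a Java stream header plus a HashMap class
# descriptor; line 3 is the matching application-log error.
SAMPLE_LOGS = [
    '2024-01-10T10:00:01Z INFO  access 10.0.0.5 "POST /api/datasource/validate" 200 body=eyJ0eXBlIjoibXlzcWwifQ==',
    '2024-01-10T10:00:02Z INFO  access 198.51.100.7 "POST /api/datasource/validate" 500 body=rO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcA==',
    "2024-01-10T10:00:02Z ERROR app  java.io.InvalidClassException: filter status: REJECTED",
    '2024-01-10T10:00:03Z INFO  access 10.0.0.6 "GET /api/dashboard/list" 200',
]

if __name__ == "__main__":
    found = scan_logs(SAMPLE_LOGS)
    for f in found:
        print(f"line {f.line_no}: {f.rule} from {f.client_ip}: {f.excerpt}")
    for alert in correlate(found):
        print("ALERT:", alert)
    print(summarize(found))
```

The "rO0AB" check is the cheapest filter to run at the WAF or log-ingest layer; on its own it only says "a Java object stream was submitted", which a legitimate client of a JSON API should never do, so on a DataEase datasource endpoint it is worth an alert by itself, and the correlation with a deserialization error raises confidence that the stream was actually fed to a deserializer.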
