📦 Dataease
by Dataease
⚠️ Known Vulnerabilities
DataEase versions before 2.10.19 use MD5-hashed passwords as JWT signing secrets, allowing attackers to brute-force admin passwords via unmonitored API endpoints. This vulnerability affects all Dataea...
This CVE describes a JNDI injection vulnerability in DataEase, an open-source data visualization tool. Attackers can exploit this to execute arbitrary code on affected systems by using iiop, corbaname...
This vulnerability allows remote code execution in DataEase by exploiting improper JDBC URL validation in the H2 data source implementation. Attackers can craft malicious JDBC configurations to load a...
This vulnerability in DataEase allows attackers to exploit the DB2 JDBC connection string to trigger server-side request forgery (SSRF) attacks. In DataEase versions up to 2.10.12, the ldap parameter ...
This vulnerability allows remote code execution in DataEase BI tools through a JDBC URL bypass. Attackers can exploit a flaw in H2 database driver filtering to execute arbitrary code on affected syste...
This vulnerability in DataEase allows attackers to exploit SSL/TLS connection parameters to potentially execute arbitrary code or bypass security controls. It affects all DataEase deployments using Po...
This vulnerability allows attackers to bypass security controls in DataEase's PostgreSQL data source JDBC connection parameters by manipulating sslfactory and sslfactoryarg parameters. It affects all ...
This vulnerability allows attackers to bypass security controls in DataEase's Redshift JDBC connection parameters via the sslfactory and sslfactoryarg parameters. It affects DataEase installations pri...
This vulnerability allows remote code execution in DataEase by exploiting Java's character conversion behavior where 'ı' becomes 'I' and 'ſ' becomes 'S' when uppercased. Attackers can craft maliciou...
CVE-2025-49001 is a critical authentication bypass vulnerability in DataEase where JWT token secret verification fails, allowing attackers to forge valid authentication tokens using any secret. This a...
This vulnerability allows authenticated users of DataEase to achieve remote code execution through the backend JDBC link functionality. It affects all DataEase installations prior to version 2.10.9. O...
DataEase versions before 2.10.8 contain a vulnerability where authenticated users can achieve remote code execution through the backend JDBC connection feature. This affects all deployments running vu...
This vulnerability allows attackers to bypass authentication in DataEase, potentially gaining unauthorized access to sensitive business intelligence data and visualization tools. All organizations run...
This vulnerability allows remote attackers to execute arbitrary code on DataEase v1 systems by exploiting the user account and password components. Attackers can gain complete control of affected syst...
This vulnerability allows attackers to bypass authentication in DataEase by exploiting a path traversal flaw in the whitelist validation logic. When the application is deployed with a custom context p...
CVE-2024-52295 is a critical authentication bypass vulnerability in DataEase where attackers can forge JWT tokens due to hardcoded secrets and identifiers. This allows complete service takeover of aff...
This vulnerability allows attackers to forge JWT tokens due to missing signature verification in DataEase. Attackers can gain unauthorized access to any interface in affected versions. All DataEase us...
This vulnerability in DataEase allows attackers to execute arbitrary system commands by exploiting PostgreSQL JDBC deserialization through unfiltered user input in JDBC connection parameters. Attacker...
This vulnerability allows remote attackers to execute arbitrary commands on DataEase servers by crafting malicious H2 database connection strings. Any organization running DataEase versions before 2.1...
This CVE describes a deserialization vulnerability in DataEase's MySQL datasource component that allows attackers to bypass JDBC attack blacklists. Successful exploitation enables arbitrary code execu...
CVE-2025-62422 is a SQL injection vulnerability in DataEase's /de2api/datasetData/tableField interface that allows attackers to execute arbitrary SQL commands by manipulating the tableName parameter. ...
This CVE describes a JDBC URL injection vulnerability in DataEase data visualization platform. Attackers can inject malicious JDBC strings through the HOSTNAME field in DB2 data source configuration, ...
This vulnerability allows authenticated attackers to bypass JDBC driver restrictions in DataEase by providing a malicious jdbcUrl parameter. Attackers can trigger arbitrary JDBC connections with malic...
This vulnerability allows attackers to bypass a previous security patch (CVE-2025-46566) in DataEase, enabling them to construct malicious JDBC statements. This could lead to remote code execution or ...
This vulnerability allows authenticated users in DataEase to bypass a previous patch and read/deserialize arbitrary files through the background JDBC connection. It affects DataEase installations prio...
This vulnerability in DataEase allows authenticated users to read and deserialize arbitrary files through JDBC connection parameters. Attackers can exploit this to access sensitive system files or exe...
DataEase versions before 2.10.1 contain an XML external entity injection (XXE) vulnerability in the static resource upload interface. This allows attackers to read arbitrary files from the server and ...
This vulnerability in DataEase allows attackers to upload malicious files disguised as images that can steal user cookies when accessed. It affects all DataEase users running versions before 1.18.11. ...
DataEase versions before 1.18.9 contain a SQL injection vulnerability that bypasses blacklist protections, allowing attackers to execute arbitrary SQL commands. This affects all deployments using vuln...
CVE-2023-28637 is a remote code execution vulnerability in DataEase's AWS Redshift data source due to insufficient input sanitization. Attackers can execute arbitrary code on affected systems by injec...
This SQL injection vulnerability in DataEase allows attackers to extract sensitive database information by manipulating the orders parameter in API requests. It affects all DataEase deployments before...
In DataEase v1.6.1, an authenticated user can exploit a vulnerability to access all user information and change administrator passwords. This affects any organization running the vulnerable version of...
This vulnerability allows authenticated users in DataEase to bypass a previous security patch and read/deserialize arbitrary files through the background JDBC connection. It affects DataEase installat...