Dataease 产品漏洞列表 / CVE 中文分析 64

Dataease 产品相关 64 条漏洞，AI 中文标题与摘要、CVSS、POC 一站汇总。

DataEase 是由 DataEase 团队开发的开源数据可视化分析工具，本页面聚合了该产品的各类安全漏洞信息。收录内容涵盖 SQL 注入、越权访问及远程代码执行等高危缺陷，时间跨度覆盖自 2022 年至今发布的历史版本记录。读者可通过本页快速追踪 DataEase 官方发布的安全补丁公告，深入理解特定组件的弱点机制，并便捷检索该产品在过往版本中暴露的具体漏洞详情，以协助企业评估系统风险并完成必要的升级加固工作。

ベンダー: dataease

CVE ID	タイトル	CVSS	深刻度	公開日
CVE-2025-49003	Dataease H2 JDBC Connection Remote Code Execution CWE-153	9.8^AI	Critical^AI	2025-06-26
CVE-2025-49002	Dataease H2 Database Remote Code Execution (RCE) Bypass Vulnerability CWE-290	8.2^AI	High^AI	2025-06-03
CVE-2025-49001	Dataease Authentication Bypass Vulnerability CWE-287	5.3^AI	Medium^AI	2025-06-03
CVE-2025-48999	Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability CWE-923	7.5^AI	High^AI	2025-06-03
CVE-2025-48998	Dataease MYSQL JDBC File Reading Vulnerability CWE-89	8.8^AI	High^AI	2025-06-03
CVE-2025-46566	Dataease redshift JDBC Connection Remote Code Execution CWE-923	8.8^AI	High^AI	2025-05-01
CVE-2025-32966	Dataease H2 JDBC Connection Remote Code Execution CWE-290	8.8	-	2025-04-23
CVE-2025-27138	DataEase has an improper authentication vulnerability CWE-287	9.1	-	2025-03-13
CVE-2025-27103	Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability CWE-89	8.8	-	2025-03-13
CVE-2025-24974	DataEase Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability CWE-862	8.8	-	2025-03-13
CVE-2024-56511	DataEase has an unauthorized vulnerability CWE-289	9.1	-	2025-01-10
CVE-2024-55952	Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability CWE-20	8.8	-	2024-12-18
CVE-2024-55953	Dataease Mysql JDBC Connection Parameters Not Verified Leads to Deserialization and Arbitrary File Read Vulnerability CWE-89	8.8	-	2024-12-18
CVE-2024-52295	DataEase has a forged JWT token vulnerability CWE-798	9.8^AI	Critical^AI	2024-11-13
CVE-2024-47073	Dataease arbitrary interface access vulnerability CWE-347	9.1^AI	Critical^AI	2024-11-07
CVE-2024-47074	Dataease PostgreSQL Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability CWE-502	9.8^AI	Critical^AI	2024-10-11
CVE-2024-46997	DataEase's H2 datasource has a remote command execution risk CWE-74	9.8	Critical	2024-09-23
CVE-2024-46985	DataEase has an XXE vulnerability CWE-611	7.5	High	2024-09-23
CVE-2024-31441	Arbitrary File Reading in DataEase CWE-863	7.5	High	2024-05-10
CVE-2024-30269	DataEase has database configuration information exposure vulnerability CWE-200	5.3	Medium	2024-04-08
CVE-2024-23328	The Dataease datasource exists deserialization and arbitrary file read vulnerability CWE-502	9.1	Critical	2024-02-01
CVE-2023-40183	DataEase has a vulnerability to obtain user cookies CWE-434	7.5	High	2023-09-21
CVE-2023-37258	DataEase has a SQL injection vulnerability that can bypass blacklists CWE-89	8.8	High	2023-07-25
CVE-2023-37257	The DataEase panel and dataset have a stored XSS vulnerability CWE-79	5.4	Medium	2023-07-25
CVE-2023-35164	Unauthorized users can manipulate a dashboard created by an administrator in DataEase CWE-862	6.3	Medium	2023-06-26
CVE-2023-34463	Unauthorized users can delete applications in DataEase CWE-862	8.1	High	2023-06-26
CVE-2023-35168	DataEase has a privilege bypass vulnerability CWE-732	6.5	Medium	2023-06-26
CVE-2023-33963	DataEase data source has deserialization vulnerability CWE-502	9.8	Critical	2023-06-01
CVE-2023-32310	DataEase API interface has IDOR vulnerability CWE-639	8.1	High	2023-06-01
CVE-2023-28637	DataEase AWS redshift data source exists for remote code execution vulnerability CWE-74	8.0	High	2023-03-28

Dataease 产品累计公开 64 条 CVE 漏洞，本页提供按时间倒序的完整列表，包含 CVSS、CWE、AI 中文摘要与可获取的 POC 链接。

目標達成 すべての支援者に感謝 — 100%達成しました！

Dataease 产品漏洞列表 / CVE 中文分析 64

目標達成すべての支援者に感謝 — 100%達成しました！