目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

dataease 厂商漏洞列表 / CVE 中文分析 71

dataease 厂商相关 71 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

DataEase 是一款开源数据可视化分析工具,旨在简化企业级 BI 报表制作。截至最新统计,该项目已收录 71 条 CVE,历史漏洞多集中于越权访问、SQL 注入及远程代码执行,部分源于文件上传功能处理不当。其安全特性主要依赖权限控制与输入校验,但早期版本曾曝出未授权访问风险。建议用户及时升级至修复版本,并严格配置访问策略以防范潜在的数据泄露与系统入侵威胁。

上位製品 dataease: dataease SQLBot
CVE IDタイトルCVSS深刻度公開日
CVE-2023-37257 The DataEase panel and dataset have a stored XSS vulnerability — dataeaseCWE-79 5.4 Medium2023-07-25
CVE-2023-35164 Unauthorized users can manipulate a dashboard created by an administrator in DataEase — dataeaseCWE-862 6.3 Medium2023-06-26
CVE-2023-34463 Unauthorized users can delete applications in DataEase — dataeaseCWE-862 8.1 High2023-06-26
CVE-2023-35168 DataEase has a privilege bypass vulnerability — dataeaseCWE-732 6.5 Medium2023-06-26
CVE-2023-33963 DataEase data source has deserialization vulnerability — dataeaseCWE-502 9.8 Critical2023-06-01
CVE-2023-32310 DataEase API interface has IDOR vulnerability — dataeaseCWE-639 8.1 High2023-06-01
CVE-2023-28637 DataEase AWS redshift data source exists for remote code execution vulnerability — dataeaseCWE-74 8.0 High2023-03-28
CVE-2023-28437 SQL injection vulnerability due to the keyword blacklist for defending against SQL injection will be bypassed — dataeaseCWE-89 9.8 Critical2023-03-24
CVE-2023-28435 Dataease file upload interface does not verify permission or file type — dataeaseCWE-79 6.5 Medium2023-03-24
CVE-2023-25807 DataEase dashboard has a stored XSS vulnerability — dataeaseCWE-79 7.2 High2023-02-28
CVE-2022-39312 Dataease Mysql Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability — dataeaseCWE-20 9.8 Critical2022-10-25

本页汇总了 dataease 厂商截至目前公开的全部 71 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。