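dataease vendor vulnerability list / CVE Chinese-language analysis (71)

71 CVE vulnerabilities related to the vendor dataease, with AI-generated Chinese-language analysis, POC, CVSS scores and affected products.

DataEase is an open-source data visualization and analysis tool intended to simplify the creation of enterprise BI reports. As of the latest count, 71 CVEs have been recorded for the project. Historical vulnerabilities are concentrated in privilege-bypassing access, SQL injection and remote code execution, and some stem from improper handling in the file upload feature. Its security properties rely mainly on permission control and input validation, but early versions were found to carry unauthorized-access risks. Users are advised to upgrade promptly to a fixed version and to configure access policies strictly to guard against potential data leakage and system intrusion.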

63 results / 71
Top products for dataease: dataease, SQLBot
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-40901 | DataEase: Quartz Deserialization → Remote Code Execution — dataease | CWE-502 | 8.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-40900 | DataEase has SQL Injection via Stacked Queries — dataease | CWE-89 | 8.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-40899 | DataEase has an Arbitrary File Read Vulnerability — dataease | CWE-183 | 8.3 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33207 | DataEase SQL Injection Vulnerability — dataease | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-04-16 |
| CVE-2026-33122 | DataEase has SQL Injection via Datasource Management — dataease | CWE-89 | 8.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33121 | DataEase has SQL Injection via Datasource Save Flow — dataease | CWE-89 | 8.1 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33084 | DataEase has SQL Injection through its getFieldEnumObj Endpoint — dataease | CWE-89 | 7.5 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33083 | DataEase has SQL Injection in Order By Clause — dataease | CWE-89 | 8.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33082 | DataEase: SQL Injection in v2 Dataset Export — dataease | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-04-16 |
| CVE-2026-32939 | DataEase is Vulnerable to H2 JDBC RCE Bypass — dataease | CWE-178 | 9.1 | - | 2026-03-20 |
| CVE-2026-32140 | Dataease: Redshift JDBC RCE Bypass — dataease | CWE-22 | 8.0 (AI) | High (AI) | 2026-03-12 |
| CVE-2026-32139 | Dataease: Unfiltered active SVG content leads to Stored XSS — dataease | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-12 |
| CVE-2026-32137 | DataEase SQL Injection Vulnerability — dataease | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-03-12 |
| CVE-2026-23958 | DataEase Vulnerable to Brute-Force Attack on Admin JWT Secret Derived from Password that Enables Full Account Takeover — dataease | CWE-522 | 9.8 (AI) | Critical (AI) | 2026-01-22 |
| CVE-2025-64428 | DataEase DB2 JNDI Vulnerability — dataease | CWE-74 | 9.1 | - | 2025-11-20 |
| CVE-2025-64164 | DataEase is vulnerable to Oracle JNDI Injection — dataease | CWE-502 | 8.1 | - | 2025-11-06 |
| CVE-2025-64163 | DataEase's DB2 is vulnerable to SSRF — dataease | CWE-918 | 10.0 | - | 2025-11-05 |
| CVE-2025-62419 | DataEase vulnerable to JDBC URL injection in DB2 and MongoDB data source configuration — dataease | CWE-502 | 9.8 (AI) | Critical (AI) | 2025-10-17 |
| CVE-2025-62420 | DataEase vulnerable to remote code execution via H2 JDBC driver bypass — dataease | CWE-502 | 8.1 (AI) | High (AI) | 2025-10-17 |
| CVE-2025-62421 | DataEase vulnerable to stored cross-site scripting via file upload bypass — dataease | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-17 |
| CVE-2025-62422 | DataEase SQL injection vulnerability — dataease | CWE-89 | 9.8 (AI) | Critical (AI) | 2025-10-17 |
| CVE-2025-58748 | Dataease H2 data source JDBC URL validation bypass leads to remote code execution — dataease | CWE-502 | 9.8 (AI) | Critical (AI) | 2025-09-15 |
| CVE-2025-58046 | Dataease has a JDBC attack vulnerability in the Impala datasource — dataease | CWE-502 | 9.8 (AI) | Critical (AI) | 2025-09-15 |
| CVE-2025-58045 | Dataease server-side request forgery via unfiltered DB2 JDBC ldap parameter — dataease | CWE-918 | 9.8 (AI) | Critical (AI) | 2025-09-15 |
| CVE-2025-57772 | Dataease H2 JDBC RCE Bypass — dataease | CWE-94 | 9.1 (AI) | Critical (AI) | 2025-08-25 |
| CVE-2025-57773 | Dataease DB2 Aspectweaver Deserialization Arbitrary File Write Vulnerability — dataease | CWE-502 | 8.8 (AI) | High (AI) | 2025-08-25 |
| CVE-2025-53006 | Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability — dataease | CWE-153 | 9.1 (AI) | Critical (AI) | 2025-07-02 |
| CVE-2025-53005 | Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability — dataease | CWE-153 | 8.8 (AI) | High (AI) | 2025-07-01 |
| CVE-2025-53004 | Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability — dataease | CWE-153 | 8.8 (AI) | High (AI) | 2025-06-30 |
| CVE-2025-49003 | Dataease H2 JDBC Connection Remote Code Execution — dataease | CWE-153 | 9.8 (AI) | Critical (AI) | 2025-06-26 |

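This page collects all 71 CVE vulnerabilities publicly disclosed to date for the vendor dataease. Each entry includes a CVSS score, CWE weakness classification, affected products and reference links, along with an AI-generated Chinese-language analysis to support quick risk assessment.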