目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

dataease 厂商漏洞列表 / CVE 中文分析 82

dataease 厂商相关 82 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

DataEase 是一款开源数据可视化分析工具,旨在简化企业级 BI 报表制作。截至最新统计,该项目已收录 71 条 CVE,历史漏洞多集中于越权访问、SQL 注入及远程代码执行,部分源于文件上传功能处理不当。其安全特性主要依赖权限控制与输入校验,但早期版本曾曝出未授权访问风险。建议用户及时升级至修复版本,并严格配置访问策略以防范潜在的数据泄露与系统入侵威胁。

上位製品 dataease: dataease SQLBot
CVE IDタイトルCVSS深刻度公開日
CVE-2025-15597 Dataease SQLBot API Endpoint assistant.py access control — SQLBotCWE-284 6.3 Medium2026-03-02
CVE-2026-23958 DataEase Vulnerable to Brute-Force Attack on Admin JWT Secret Derived from Password that Enables Full Account Takeover — dataeaseCWE-522 9.8AICriticalAI2026-01-22
CVE-2025-69285 SQLBot uploadExcel Endpoint has Unauthenticated Arbitrary File Upload vulnerability — SQLBotCWE-306 9.8AICriticalAI2026-01-21
CVE-2025-64428 DataEase DB2 JNDI Vulnerability — dataeaseCWE-74 9.1 -2025-11-20
CVE-2025-64164 DataEase is vulnerable to Oracle JNDI Injection — dataeaseCWE-502 8.1 -2025-11-06
CVE-2025-64163 DataEase's DB2 is vulnerable to SSRF — dataeaseCWE-918 10.0 -2025-11-05
CVE-2025-62419 DataEase vulnerable to JDBC URL injection in DB2 and MongoDB data source configuration — dataeaseCWE-502 9.8AICriticalAI2025-10-17
CVE-2025-62420 DataEase vulnerable to remote code execution via H2 JDBC driver bypass — dataeaseCWE-502 8.1AIHighAI2025-10-17
CVE-2025-62421 DataEase vulnerable to stored cross-site scripting via file upload bypass — dataeaseCWE-79 5.4AIMediumAI2025-10-17
CVE-2025-62422 DataEase SQL injection vulnerability — dataeaseCWE-89 9.8AICriticalAI2025-10-17
CVE-2025-58748 Dataease H2 data source JDBC URL validation bypass leads to remote code execution — dataeaseCWE-502 9.8AICriticalAI2025-09-15
CVE-2025-58046 Dataease has a JDBC attack vulnerability in the Impala datasource — dataeaseCWE-502 9.8AICriticalAI2025-09-15
CVE-2025-58045 Dataease server-side request forgery via unfiltered DB2 JDBC ldap parameter — dataeaseCWE-918 9.8AICriticalAI2025-09-15
CVE-2025-57772 Dataease H2 JDBC RCE Bypass — dataeaseCWE-94 9.1AICriticalAI2025-08-25
CVE-2025-57773 Dataease DB2 Aspectweaver Deserialization Arbitrary File Write Vulnerability — dataeaseCWE-502 8.8AIHighAI2025-08-25
CVE-2025-53006 Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability — dataeaseCWE-153 9.1AICriticalAI2025-07-02
CVE-2025-53005 Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability — dataeaseCWE-153 8.8AIHighAI2025-07-01
CVE-2025-53004 Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability — dataeaseCWE-153 8.8AIHighAI2025-06-30
CVE-2025-49003 Dataease H2 JDBC Connection Remote Code Execution — dataeaseCWE-153 9.8AICriticalAI2025-06-26
CVE-2025-49002 Dataease H2 Database Remote Code Execution (RCE) Bypass Vulnerability — dataeaseCWE-290 8.2AIHighAI2025-06-03
CVE-2025-49001 Dataease Authentication Bypass Vulnerability — dataeaseCWE-287 5.3AIMediumAI2025-06-03
CVE-2025-48999 Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability — dataeaseCWE-923 7.5AIHighAI2025-06-03
CVE-2025-48998 Dataease MYSQL JDBC File Reading Vulnerability — dataeaseCWE-89 8.8AIHighAI2025-06-03
CVE-2025-46566 Dataease redshift JDBC Connection Remote Code Execution — dataeaseCWE-923 8.8AIHighAI2025-05-01
CVE-2025-32966 Dataease H2 JDBC Connection Remote Code Execution — dataeaseCWE-290 8.8 -2025-04-23
CVE-2025-27138 DataEase has an improper authentication vulnerability — dataeaseCWE-287 9.1 -2025-03-13
CVE-2025-27103 Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability​ — dataeaseCWE-89 8.8 -2025-03-13
CVE-2025-24974 DataEase Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability — dataeaseCWE-862 8.8 -2025-03-13
CVE-2024-56511 DataEase has an unauthorized vulnerability — dataeaseCWE-289 9.1 -2025-01-10
CVE-2024-55952 Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability — dataeaseCWE-20 8.8 -2024-12-18

本页汇总了 dataease 厂商截至目前公开的全部 82 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。