DataEase 2.10.4

CPE Details

DataEase 2.10.4
dataease
dataease
2.10.4
2025-01-15
12h33 +00:00
2025-01-15
12h33 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:dataease:dataease:2.10.4:*:*:*:*:*:*:*

Informations

Vendor

dataease

Product

dataease

Version

2.10.4

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-46566 2025-05-01 17h20 +00:00 DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9.
6.8
Medium
CVE-2025-27138 2025-03-13 16h49 +00:00 DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known workarounds are available.
7.7
High
CVE-2025-27103 2025-03-13 16h44 +00:00 DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available.
7.3
High
CVE-2025-24974 2025-03-13 16h37 +00:00 DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available.
7.3
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.