Описание
DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in v2.10.10. No known workarounds are available.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.10.10 (исключая)
cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*
EPSS
Процентиль: 27%
0.00096
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-290
NVD-CWE-Other
EPSS
Процентиль: 27%
0.00096
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-290
NVD-CWE-Other