CVE-2024-55953

DataEase is an open source business analytics tool. Authenticated users can read and deserialize arbitrary files through the background JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. This vulnerability has been fixed in v1.18.27. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/dataease/dataease/commit/0db4872a52eccf6e83dd9359aa05db52dd580ec1	Patch
https://github.com/dataease/dataease/security/advisories/GHSA-mrf3-9q84-rcmf	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-12-18 19:15

Updated : 2025-02-20 16:25

NVD link : CVE-2024-55953

Mitre link : CVE-2024-55953

CVE.ORG link : CVE-2024-55953

JSON object : View

Products Affected

dataease

dataease

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2024-55953", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-12-18T19:15:12.067", "references": [{"url": "https://github.com/dataease/dataease/commit/0db4872a52eccf6e83dd9359aa05db52dd580ec1", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/dataease/dataease/security/advisories/GHSA-mrf3-9q84-rcmf", "tags": ["Exploit", "Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "DataEase is an open source business analytics tool. Authenticated users can read and deserialize arbitrary files through the background JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. This vulnerability has been fixed in v1.18.27. Users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "DataEase es una herramienta de an\u00e1lisis empresarial de c\u00f3digo abierto. Los usuarios autenticados pueden leer y deserializar archivos arbitrarios a trav\u00e9s de la conexi\u00f3n JDBC en segundo plano. Al construir la cadena de conexi\u00f3n JDBC, los par\u00e1metros no se filtran. Esta vulnerabilidad se ha corregido en la versi\u00f3n 1.18.27. Se recomienda a los usuarios que actualicen la versi\u00f3n. No existen workarounds conocidos para esta vulnerabilidad."}], "lastModified": "2025-02-20T16:25:07.667", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3CA3161-CA4A-4C07-9074-2D321FE954EA", "versionEndExcluding": "1.18.27"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}