← volver
CVE-2025-64428

DataEase DB2 JNDI Vulnerability

CVSS 8.9 HIGHEPSS 0.5%CWE-74
Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed in version 2.10.17.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Productos afectados
dataease · dataease

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/dataease/dataease/commit/b7e585c1cc3fc2b73cb289b8680b4b3914be3d53https://github.com/dataease/dataease/releases/tag/v2.10.17https://github.com/dataease/dataease/security/advisories/GHSA-88ph-3236-2m2h