VDB
CVE-2024-55953
CVE-2024-55953
PUBLISHED
CVSS 8.600000381469727 HIGH
DataEase is an open source business analytics tool. Authenticated users can read and deserialize arbitrary files through the background JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. This vulnerability has been fixed in v1.18.27. Users are advised to upgrade. There are no known workarounds for this vulnerability.
EPSS 1.16% · 78.9th percentile
Risk Scores
CVSS 4.0
8.600000381469727
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS Score
1.16%
78.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| dataease | dataease | < 1.18.27, 0 |
Timeline
- Jan 21, 1970 Security Advisory
- Dec 18, 2024 CVE Published
- Dec 18, 2024 PoC Published
- Dec 19, 2024 EPSS Score
- Jan 4, 2025 EPSS Score
- Jan 21, 2025 EPSS Score
- Feb 6, 2025 EPSS Score
- Feb 20, 2025 Coalition ESS Score
- Feb 23, 2025 EPSS Score
- Mar 11, 2025 EPSS Score
- Mar 28, 2025 EPSS Score
- Apr 13, 2025 EPSS Score