Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53006 | 1 Dataease | 1 Dataease | 2025-07-10 | N/A | 9.8 CRITICAL |
| DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference lies in that "sslfactory" and related parameters need to be triggered after establishing the connection. Other similar parameters include "sslhostnameverifier", "sslpasswordcallback", and "authenticationPluginClassName". This issue has been patched in 2.10.11. | |||||
| CVE-2025-53004 | 1 Dataease | 1 Dataease | 2025-07-10 | N/A | 9.8 CRITICAL |
| DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has been patched in version 2.10.11. | |||||