CRITICAL🇵🇱 Wersja polska

CVE-2024-57707

CVSS 9.8v3.1pub. 2025-02-07upd. 2025-03-28

An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-94 (Code Injection) indicates insufficient validation of input data in components handling user account and password. An attacker can supply specially crafted input data that will be interpreted and executed by the application as code. The attack does not require authentication, user interaction, or specific network conditions (network vector, low complexity).

Impact

Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the server hosting DataEase, which may lead to complete system takeover, data breach, modification or destruction of resources.

Mitigation & patch

Apply patches available from the vendor according to the references. Additionally, it is recommended to restrict access to the DataEase interface only to trusted networks (firewall, VPN) until the update is deployed.

Who is affected

DataEase version 1 (v1) — specific versions indicated in vendor references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dataease

    APP
    Dataease
    1.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-32140CRITICAL9.3PL ✓ten sam produkt

Dataease: RCE poprzez path traversal w parametrze IniFile sterownika JDBC

CVE-2026-32137CRITICAL9.3PL ✓ten sam produkt

SQL Injection w Dataease — niekontrolowany parametr tabeli w podglądzie danych

CVE-2024-56511CRITICAL9.3PL ✓ten sam produkt

DataEase – obejście uwierzytelnienia przez path traversal w TokenFilter

CVE-2024-52295CRITICAL9.3PL ✓ten sam produkt

DataEase: hardkodowany sekret JWT umożliwia przejęcie usługi

CVE-2024-47073CRITICAL9.3PL ✓ten sam produkt

DataEase: brak weryfikacji podpisu JWT umożliwia dostęp do dowolnego interfejsu