XML External Entity Injection in DataEase Data Visualization Tool
CVE-2024-46985

7.5HIGH

Key Information:

Vendor: Dataease
Status: Dataease
Vendor: CVE Published:; 23 September 2024

What is CVE-2024-46985?

An XML external entity injection vulnerability exists in the static resource upload interface of the DataEase data visualization tool, impacting versions prior to 2.10.1. This security flaw allows attackers to create specially crafted payloads that can trigger intranet detection and enable unauthorized access to sensitive files, posing serious risks to the integrity and confidentiality of the data processed by the tool. Users of affected versions are strongly encouraged to update to version 2.10.1 or later to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/dataease/dataease/security/advisories/...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 23, 2024

JSON

Dataease

What is CVE-2024-46985?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.