CVE-2023-33963 Vulnerability Details

  /     /     /  

CVE-2023-33963 Metadata Quick Info

CVE Published: 01/06/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: GitHub_M | Vendor: dataease | Product: dataease
Status : PUBLISHED

---

CVE-2023-33963 Description

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from upgrading.

Metrics

CVSS Version: 3.1 | Base Score: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-502
CWE Name: CWE-502: Deserialization of Untrusted Data
Source: dataease

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).