N1Etzsche0

**Name of the Vulnerable Software and Affected Versions** DataEase versions prior to 2.10.8 **Description** The issue allows authenticated users to complete remote code execution (RCE) through the backend JDBC link. **Recommendations** For versions prior to 2.10.8, update to version 2.10.8 to resolve the issue. As a temporary workaround, consider restricting access to the backend JDBC link until the update is applied.

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.6 Description: DataEase is an open source business intelligence and data visualization tool. A patch bypass issue allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. Recommendations: For versions prior to 2.10.6, update to version 2.10.6 to resolve the issue. As a temporary workaround, consider restricting access to the background JDBC connection until the update is applied.