IBM · Db2 · CVE-2025-57773
Name of the Vulnerable Software and Affected Versions:
DataEase versions prior to 2.10.12
Description:
DataEase is an open source business intelligence and data visualization tool. Due to insufficient filtering of DB2 parameters, a JNDI injection attack can be launched, triggering an AspectJWeaver deserialization attack that results in writing to various files. This vulnerability requires commons-collections 4.x and aspectjweaver-1.9.22.jar.
Recommendations:
Update DataEase to version 2.10.12 or later.