nvd-json-data-feeds/CVE-2024/CVE-2024-469xx/CVE-2024-46997.json

{
  "id": "CVE-2024-46997",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2024-09-23T16:15:06.387",
  "lastModified": "2024-10-07T17:20:10.427",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, an attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. The vulnerability has been fixed in v2.10.1."
    },
    {
      "lang": "es",
      "value": "DataEase es una herramienta de an\u00e1lisis de visualizaci\u00f3n de datos de c\u00f3digo abierto. Antes de la versi\u00f3n 2.10.1, un atacante pod\u00eda ejecutar comandos de forma remota agregando una cadena de conexi\u00f3n de fuente de datos h2 cuidadosamente construida. La vulnerabilidad se ha corregido en la versi\u00f3n 2.10.1."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      },
      {
        "source": "security-advisories@github.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    },
    {
      "source": "security-advisories@github.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "2.10.1",
              "matchCriteriaId": "58CDACB3-C8F7-4428-80BC-4AAA40E067A5"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/dataease/dataease/security/advisories/GHSA-h7mj-m72h-qm8w",
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ]
    }
  ]
}