CVE-2023-35164

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jun 26, 2023

Updated: Jul 5, 2023

CWE ID 862

Summary

CVE-2023-35164 is a vulnerability affecting DataEase, an open-source data visualization analysis tool. This issue arises from a missing authorization check, enabling unauthorized users to manipulate administrator-created dashboards. Impacted versions need to be upgraded to 1.18.8 to mitigate the risk. Unfortunately, there are currently no known workarounds for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Data Ease

Affected Vendors

Dataease

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rySyTs
https://www.cve.org/CVERecord?id=CVE-2023-35164
https://nvd.nist.gov/vuln/detail/CVE-2023-35164

Back to Vulnerability Database