CVE-2022-23331

EUVD-2022-28411
In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
dataeasedataease
1.6.1
𝑥
= Vulnerable software versions
References
https://github.com/dataease/dataease/issues/1618
https://github.com/dataease/dataease/issues/1618