DataEase
cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*
Affected versions: <= 2.10.10
A bypass vulnerability has been identified in DataEase versions through 2.10.10, in the JDBC connection parameters of the PostgreSQL data source. The sslfactory and sslfactoryarg parameters could be manipulated to bypass certain security measures. This issue has been addressed in version 2.10.11.
Exploitation of this vulnerability allows for a bypass of the intended security controls in the JDBC connection parameters, potentially leading to unauthorized actions or access.
To reproduce this vulnerability, enter a crafted JDBC connection string into the Hostname/IP Address field, including a specified sslfactory and sslfactoryarg parameter. After sending the request, monitor for a response that indicates the vulnerability has been successfully exploited, such as receiving an uppercase 'S' signal.
Users are advised to upgrade to DataEase version 2.10.11, where this vulnerability has been patched.
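For services that build PostgreSQL JDBC URLs from user-supplied fields, the following added example (not DataEase's patch or code) shows an input check for the two fields described above. The class and method names are hypothetical, the host pattern and the two-entry denylist are assumptions, and the sample inputs are constructed placeholders.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Pattern;

// Hypothetical helper (Java 11+); not part of DataEase or the PostgreSQL driver.
public class PgDataSourceInputCheck {
    // Assumption: a host field holds a hostname, IPv4 or bracketed IPv6 only,
    // so ':', '/', '?', '&', '=', '%' and whitespace are rejected outright.
    private static final Pattern HOST = Pattern.compile(
        "(?:[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?|\\[[0-9A-Fa-f:.]{2,45}\\])");
    // The two parameter names given in the advisory, lower-cased.
    private static final Set<String> BLOCKED = Set.of("sslfactory", "sslfactoryarg");

    static boolean hostIsClean(String host) {
        return host != null && HOST.matcher(host).matches();
    }

    // Checks "k=v&k2=v2" style extra parameters; names are percent-decoded and
    // lower-cased before comparison so alternate spellings are also rejected.
    static boolean paramsAreClean(String extraParams) {
        if (extraParams == null || extraParams.isBlank()) return true;
        try {
            for (String pair : extraParams.split("[&;?]")) {
                String name = URLDecoder.decode(pair.split("=", 2)[0], StandardCharsets.UTF_8)
                                        .trim().toLowerCase(Locale.ROOT);
                if (BLOCKED.contains(name)) return false;
            }
            return true;
        } catch (IllegalArgumentException malformedPercentEncoding) {
            return false; // reject input that cannot be decoded
        }
    }

    public static void main(String[] args) {
        // Constructed inputs; host names and values are placeholders.
        String[] hosts = {
            "db.example.invalid",
            "10.0.0.5",
            "db.example.invalid:5432/app?sslfactory=example.Placeholder&sslfactoryarg=x"
        };
        for (String h : hosts) System.out.println(h + " -> hostIsClean=" + hostIsClean(h));
        String[] params = { "sslmode=require", "SSLFactory=x", "ssl%66actory=x&sslfactoryarg=y" };
        for (String p : params) System.out.println(p + " -> paramsAreClean=" + paramsAreClean(p));
    }
}
```

A check like this complements the upgrade to 2.10.11 and does not replace it.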