DataEase Server-Side Request Forgery Vulnerability in DB2 Datasource

A server-side request forgery (SSRF) vulnerability has been identified in DataEase versions 2.10.14 and prior, specifically within the DB2 datasource configuration. The issue arises because, while the vendor implemented a blacklist to filter ldap:// and ldaps:// protocols, they neglected to protect against the dns:// protocol. This oversight allows for exploitation of the application by sending crafted requests that could be intercepted or manipulated.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can make the server send requests to internal or external resources, potentially leading to unauthorized data access or interaction with other services.

Reproduction

To reproduce this vulnerability, insert a payload into the JDBC connection string field that includes the dns:// protocol, and then click 'Get Schema'. The DNS log will receive a connection, confirming the successful exploitation of the SSRF vulnerability.

Remediation

Users are advised to upgrade to DataEase version 2.10.15, where this vulnerability has been fixed.