vendor: DataEase
by: ByteHunter
CVSS: 6.1 (HIGH)
CWE: 200 (Information Exposure)
Product Name: DataEase
Affected Version From: 2.4.2000
Affected Version To: 2.5.2000
Patch Exists: NO
Related CWE: CVE-2024-30269
CPE: a:dataease:dataease:2.4.0
Metasploit:
Other Scripts:
Platforms Tested:
2024

DataEase 2.4.0 – Database Configuration Information Exposure

DataEase 2.4.0 to 2.5.0 allows remote attackers to obtain sensitive information via a crafted request to /de2api/engine/getEngine;.js, which results in the disclosure of database configuration details such as username, password, and port.

Mitigation:

Update to the latest version of DataEase to prevent this information exposure vulnerability.
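
A log-review check for the request described above, as an added example that is not part of the original entry or of DataEase's code: it flags access-log requests to `/de2api/engine/getEngine;.js` and, as a broader heuristic assumed here, any `/de2api/` path carrying a `;` path parameter. The combined log format, the function names and the sample lines are constructed for illustration.

```python
import re
from typing import Optional
from urllib.parse import unquote, urlsplit

# Request portion of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')
API_PREFIX = "/de2api/"                      # API prefix taken from the advisory
EXACT_PATH = "/de2api/engine/getEngine;.js"  # path named in the advisory

# Constructed sample lines (documentation IP ranges, hypothetical routes).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/May/2024:10:00:01 +0000] "GET /de2api/engine/getEngine;.js HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.11 - - [01/May/2024:10:00:05 +0000] "GET /de2api/engine/getEngine%3B.js HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.12 - - [01/May/2024:10:00:09 +0000] "GET /de2api/example/list;.js HTTP/1.1" 404 0 "-" "-"',
    '198.51.100.7 - - [01/May/2024:10:01:00 +0000] "GET /de2api/example/list HTTP/1.1" 200 90 "-" "-"',
    '198.51.100.7 - - [01/May/2024:10:01:02 +0000] "GET /assets/index.js HTTP/1.1" 200 4096 "-" "-"',
]


def classify(target: str) -> Optional[str]:
    """Return 'exact', 'suspicious' or None for one request target."""
    path = urlsplit(target).path  # drops the query string, keeps ';' parameters
    for _ in range(3):            # bounded decode so %3B and %253B normalise
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    if not path.startswith(API_PREFIX):
        return None
    if path == EXACT_PATH:
        return "exact"
    # Broader heuristic (assumption): a ';' path parameter on any API route.
    return "suspicious" if ";" in path else None


def scan(lines):
    """Return (ip, status, verdict, target) for every flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        verdict = classify(m["target"]) if m else None
        if verdict:
            hits.append((m["ip"], int(m["status"]), verdict, m["target"]))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

An `exact` hit answered with status 200 means the configuration response was served to that client, so the database credentials it contains should be rotated.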