How severe is CVE-2024-47073?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2024-47073?

This is classified as CWE-347, which is a common weakness in software security.

CVE-2024-47073 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions a the lack of signature verification of jwt tokens allows attackers to forge jwts which then allow access to any interface. The vulnerability has been fixed in v2.10.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2019-20597

CRITICAL

CVSS:9.1(Critical)

An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. SPENgesture allows arbitrary applications to read or modify user-input logs. The Samsung ID is SVE-2019-1417...

CWE-3472019

CVE-2020-12676

CRITICAL

CVSS:9.1(Critical)

FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack".

CWE-3472020

CVE-2020-9753

CRITICAL

CVSS:9.1(Critical)

Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer.

CWE-3472020

CVE-2021-29451

CRITICAL

CVSS:9.1(Critical)

Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patch...

CWE-3472021

CVE-2021-30246

CRITICAL

CVSS:9.1(Critical)

In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack.

CWE-3472021

CVE-2023-34205

CRITICAL

CVSS:9.1(Critical)

In Moov signedxml through 1.0.0, parsing the raw XML (as received) can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrappin...

CWE-3472023