Improper input validation in DataEase - CVE-2023-28637

 

Published: March 28, 2023 / Updated: April 16, 2026


Vulnerability identifier: #VU126325
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-28637
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: DataEase
Software vendor: DataEase

Description

The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to improper input validation in the AWS Redshift data source configuration handling when processing user-supplied data source connection properties. A remote user can send a specially crafted data source validation request to execute arbitrary code.

Exploitation requires access to data source handling functionality and the ability to supply crafted Redshift connection properties.


Remediation

Install the security update from the vendor's website.

External links