178 matches found
PYSEC-2023-6
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 before 0.13.3...
Authentication flaw
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3...
CVE-2023-24830
CVE-2023-24830 affects Apache IoTDB, specifically the iotdb-web-workbench component (0.13.0 before 0.13.3). The issue is described as an improper authentication vulnerability that can allow a remote attacker to bypass authorization. The most concrete exploitation detail in the connected sources n...
CVE-2023-24830 Apache IoTDB Workbench: apache/iotdb-web-workbench: create a user without authorization
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3...
Apache IoTDB Authorization Issue Vulnerability
Apache IoTDB is an integrated data management engine designed for time-series data from the Apache USA Foundation that provides data collection, storage, and analysis services, among other things. An authorization issue vulnerability exists in Apache IoTDB version 0.13.0 up to and including 0.13....
Denial of Service (DoS)
Apache IoTDB is vulnerable to denial of service. The vulnerability exists in multiple functions due to untrusted patterns for REGEXP queries which allows an attacker to crash the application via malicious input. This vulnerability is only applicable to Java 8...
GHSA-G6HG-4V3C-6JQ7 Apache IoTDB subject to ReDOS with Java 8
Apache IoTDB versions 0.12.2 through 0.12.6, and 0.13.0 through 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. This issue is patched in 0.13.3. Users should upgrade or use a later version of Java to avoid it...
CVE-2022-43766
Apache IoTDB versions 0.12.2 to 0.12.6 and 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it...
PYSEC-2022-42972
Apache IoTDB versions 0.12.2 to 0.12.6 and 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it...
Design/Logic Flaw
Apache IoTDB versions 0.12.2 to 0.12.6 and 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it...
CVE-2022-43766 Apache IoTDB prior to 0.13.3 allows DoS
Apache IoTDB versions 0.12.2 to 0.12.6 and 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it...
PT-2022-27026 · Apache · Apache Iotdb
Name of the Vulnerable Software and Affected Versions: Apache IoTDB versions 0.12.2 through 0.12.6; Apache IoTDB versions 0.13.0 through 0.13.2. Description: The issue is a Denial of Service attack that occurs when Apache IoTDB accepts untrusted patterns for REGEXP queries with Java 8. Users can...
Apache IoTDB Security Vulnerability
Apache IoTDB is an integrated data management engine designed for time series data from the Apache Foundation USA that provides data collection, storage, and analysis services, among other things. A security vulnerability exists in Apache IoTDB versions 0.12.2 through 0.12.6, and 0.13.0 through...
Insecure Session Management
org.apache.iotdb:iotdb-server uses insecure session management. Lack of proper validation of the session ID in the checkLogin function allows an attacker to bypass the intended authentication behavior through a session ID attack...
GHSA-G6VM-3CH8-C6JQ Apache IoTDB Session Fixation vulnerability
Apache IoTDB version 0.13.0 is vulnerable to a session ID attack. Users should upgrade to version 0.13.1 which addresses this issue...
Apache IoTDB Session Fixation vulnerability
Apache IoTDB version 0.13.0 is vulnerable to a session ID attack. Users should upgrade to version 0.13.1 which addresses this issue...
Apache IoTDB grafana-connector contains an interface without authorization
Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of a database. Users should upgrade to version 0.13.1, which addresses this issue...