Withdrawn Advisory: Apache IoTDB contains Improper Authentication
Withdrawn Advisory: This advisory has been withdrawn because the affected component, org.apache.iotdb.admin:iotdb-web-workbench, is not in a supported ecosystem. This link is maintained to preserve external references. Original Description: Improper Authentication vulnerability in Apache Software...
CVE-2023-24830
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3...
CVE-2023-24830
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3...
Authentication flaw
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3...
PYSEC-2023-6
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 before 0.13.3...
PYSEC-2023-6
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 before 0.13.3...
CVE-2023-24830 Apache IoTDB Workbench: apache/iotdb-web-workbench: create a user without authorization
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3...
CVE-2023-24830
CVE-2023-24830 affects Apache IoTDB, specifically the iotdb-web-workbench component (0.13.0 before 0.13.3). The issue is described as an improper authentication vulnerability that can allow a remote attacker to bypass authorization. The most concrete exploitation detail in the connected sources n...
CVE-2023-24830 Apache IoTDB Workbench: apache/iotdb-web-workbench: create a user without authorization
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3...
Apache IoTDB Authorization Issue Vulnerability
Apache IoTDB is an integrated data management engine designed for time-series data from the Apache USA Foundation that provides data collection, storage, and analysis services, among other things. An authorization issue vulnerability exists in Apache IoTDB version 0.13.0 up to and including 0.13....
Denial of Service (DoS)
Apache IoTDB is vulnerable to denial of service. The vulnerability exists in multiple functions due to untrusted patterns for REGEXP queries which allows an attacker to crash the application via malicious input. This vulnerability is only applicable to Java 8...
org.apache.iotdb:customize-mqtt-example (>=0.13.0 <=0.13.2), org.apache.iotdb:integration (>=0.13.0 <=0.13.2) +5 more potentially affected by CVE-2022-43766 via org.apache.iotdb:iotdb-server (>=0.12.2 <=0.13.2)
org.apache.iotdb:iotdb-server MAVEN version =0.12.2, =0.13.0, =0.13.0, =0.12.2, =0.12.2, =0.12.6, =0.13.0, =0.12.2, =0.13.2 Source cves: CVE-2022-43766 Source advisory: OSV:GHSA-G6HG-4V3C-6JQ7...
io.edurt.datacap:datacap-jdbc-iotdb (>=1.7.0 <=1.8.0), org.apache.iotdb:client-example (>=0.12.2 <=0.13.2) +37 more potentially affected by CVE-2022-43766 via org.apache.iotdb:tsfile (>=0.12.2 <=0.13.2)
org.apache.iotdb:tsfile MAVEN version =0.12.2, =1.7.0, =0.12.2, =0.13.0, =0.13.1, =0.12.2, =0.12.2, =0.12.2, =0.12.2, =0.12.2, =0.13.0, =0.12.2, =0.12.2, =0.12.2, =0.12.2, =0.13.0, =0.13.2 and more Source cves: CVE-2022-43766 Source advisory: OSV:GHSA-G6HG-4V3C-6JQ7...
GHSA-G6HG-4V3C-6JQ7 Apache IoTDB subject to ReDOS with Java 8
Apache IoTDB versions 0.12.2 through 0.12.6, and 0.13.0 through 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. This issue is patched in 0.13.3. Users should upgrade or use a later version of Java to avoid it...
Apache IoTDB subject to ReDOS with Java 8
Apache IoTDB versions 0.12.2 through 0.12.6, and 0.13.0 through 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. This issue is patched in 0.13.3. Users should upgrade or use a later version of Java to avoid it...
CVE-2022-43766
Apache IoTDB versions 0.12.2 to 0.12.6 and 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3, which addresses this issue, or use a later version of Java to avoid it...
CVE-2022-43766
Apache IoTDB versions 0.12.2 to 0.12.6 and 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3, which addresses this issue, or use a later version of Java to avoid it...
Design/Logic Flaw
Apache IoTDB versions 0.12.2 to 0.12.6 and 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3, which addresses this issue, or use a later version of Java to avoid it...
PYSEC-2022-42972
Apache IoTDB versions 0.12.2 to 0.12.6 and 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3, which addresses this issue, or use a later version of Java to avoid it...
PYSEC-2022-42972
Apache IoTDB versions 0.12.2 to 0.12.6 and 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3, which addresses this issue, or use a later version of Java to avoid it...