Lucene search

237 matches found

Prion
added 2022/09/05 10:15 a.m. · 20 views

Session fixation

Apache IoTDB version 0.13.0 is vulnerable to a session id attack. Users should upgrade to version 0.13.1 which addresses this issue...

6.8 CVSS · 8.7 AI score · 0.0105 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2022/09/05 10:15 a.m. · 6 views

PYSEC-2022-43069

Apache IoTDB version 0.13.0 is vulnerable to a session id attack. Users should upgrade to version 0.13.1 which addresses this issue...

8.8 CVSS · 8.6 AI score · 0.0105 EPSS
Exploits 0 · References 5

CVE
added 2022/09/05 9:50 a.m. · 67 views

CVE-2022-38370

The CVE-2022-38370 issue affects the Apache IoTDB grafana-connector, specifically version 0.13.0, where an interface is exposed without authorization and can reveal internal database structures. The vulnerability is mitigated by upgrading to version 0.13.1, which addresses the issue. Connected so...

7.5 CVSS · 7.5 AI score · 0.01105 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2022/09/05 9:50 a.m. · 17 views

CVE-2022-38370 No authorization of DatabaseConnectController in grafana-connector.

Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of the database. Users should upgrade to version 0.13.1 which addresses this issue...

7.7 AI score · 0.01105 EPSS
Exploits 0 · References 2

CVE
added 2022/09/05 9:50 a.m. · 74 views

CVE-2022-38369

CVE-2022-38369 affects Apache IoTDB 0.13.0, vulnerable to a session-id attack (session fixation) that could allow an attacker to hijack a user session. The issue is mitigated by upgrading to IoTDB 0.13.1. The NVD entry lists a high-severity impact with network exploitation, requiring user intera...

8.8 CVSS · 8.7 AI score · 0.0105 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2022/09/05 9:50 a.m. · 26 views

CVE-2022-38369 Login check vulnerability by session Id

Apache IoTDB version 0.13.0 is vulnerable to a session id attack. Users should upgrade to version 0.13.1 which addresses this issue...

8.9 AI score · 0.0105 EPSS
Exploits 0 · References 2

Positive Technologies
added 2022/09/05 12:0 a.m. · 6 views

PT-2022-24391 · Apache · Apache Iotdb

Name of the Vulnerable Software and Affected Versions: Apache IoTDB version 0.13.0 Description: The issue is related to a session id attack. Users should upgrade to version 0.13.1 to address this issue. Recommendations: For Apache IoTDB version 0.13.0, upgrade to version 0.13.1 to resolve the iss...

8.8 CVSS · 8.5 AI score · 0.0105 EPSS
Exploits 0 · References 9

Positive Technologies
added 2022/09/05 12:0 a.m. · 5 views

PT-2022-24393 · Apache · Apache Iotdb Grafana-Connector

Name of the Vulnerable Software and Affected Versions: Apache IoTDB grafana-connector version 0.13.0 Description: The issue is related to an interface without authorization in the Apache IoTDB grafana-connector, which may expose the internal structure of a database. Recommendations: For Apache...

7.5 CVSS · 7.3 AI score · 0.01105 EPSS
Exploits 0 · References 9

CNNVD
added 2022/09/05 12:0 a.m. · 20 views

Apache IoTDB Authorization Issue Vulnerability

Apache IoTDB is an integrated data management engine designed for time-series data from the Apache Foundation that provides data collection, storage, and analysis services, etc. An authorization issue vulnerability exists in Apache IoTDB version 0.13.0, which stems from vulnerability to session i...

8.8 CVSS · 7 AI score · 0.0105 EPSS
Exploits 0 · References 3

OSV
added 2022/01/06 7:45 p.m. · 24 views

GHSA-WC6F-CJCP-CC33 Improper Certificate Validation in Apache IoTDB

An issue was found in Apache IoTDB 0.9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification. Then, clients could execute code remotely...

9.8 CVSS · 9.6 AI score · 0.02676 EPSS
Exploits 0 · References 2

Github Security Blog
added 2022/01/06 7:45 p.m. · 29 views

Improper Certificate Validation in Apache IoTDB

An issue was found in Apache IoTDB 0.9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification. Then, clients could execute code remotely...

9.8 CVSS · 9.1 AI score · 0.02676 EPSS
Exploits 0 · References 3 · Affected Software 1

Veracode
added 2020/04/28 4:1 a.m. · 28 views

Remote Code Execution

iotdb-server is vulnerable to remote code execution. The JMX port 31999 is exposed and allows an unauthenticated attacker to access and execute code on the system...

9.8 CVSS · 5.2 AI score · 0.02676 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2020/04/27 5:15 p.m. · 3 views

CVE-2020-1952

An issue was found in Apache IoTDB 0.9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification. Then, clients could execute code remotely...

9.8 CVSS · 7.4 AI score
Exploits 0 · References 1

NVD
added 2020/04/27 5:15 p.m. · 24 views

CVE-2020-1952

An issue was found in Apache IoTDB 0.9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification. Then, clients could execute code remotely...

9.8 CVSS · 9.6 AI score · 0.02676 EPSS
Exploits 0 · References 1

Prion
added 2020/04/27 5:15 p.m. · 19 views

Code injection

An issue was found in Apache IoTDB 0.9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification. Then, clients could execute code remotely...

7.5 CVSS · 9.5 AI score · 0.02676 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2020/04/27 4:16 p.m. · 112 views

CVE-2020-1952

Summary: CVE-2020-1952 affects Apache IoTDB (versions 0.8.0–0.8.2 and 0.9.0–0.9.1). The issue is that the JMX port 31999 is exposed at startup without authentication, allowing remote code execution by an unauthenticated attacker. The connected documents corroborate the same description across mul...

9.8 CVSS · 9.5 AI score · 0.02676 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2020/04/27 4:16 p.m. · 36 views

CVE-2020-1952

An issue was found in Apache IoTDB 0.9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification. Then, clients could execute code remotely...

9.6 AI score · 0.02676 EPSS
Exploits 0 · References 1