17 matches found
CVE-2020-25649
The CVE-2020-25649 entry concerns a flaw in FasterXML Jackson Databind where entity expansion was not properly secured, enabling XML External Entity (XXE) attacks. This is a data-integrity risk. Connected advisories consistently associate the issue with Jackson Databind and XXE, and several sourc...
CVE-2020-1952
Summary: CVE-2020-1952 affects Apache IoTDB (versions 0.8.0–0.8.2 and 0.9.0–0.9.1). The issue is that the JMX port 31999 is exposed at startup without authentication, allowing remote code execution by an unauthenticated attacker. The connected documents corroborate the same description across mul...
CVE-2024-24780
CVE-2024-24780 describes a Remote Code Execution flaw in Apache IoTDB via untrusted UDF (user-defined function) registration. An attacker with the privilege to create UDFs can register a malicious function from an untrusted URI, leading to code execution. Affected products/versions: IoTDB 1.0.0 u...
CVE-2023-46226
CVE-2023-46226 is an RCE issue in Apache IoTDB affecting 1.0.0–1.2.2. The vulnerability is tied to a UDF path/operation (as reflected across multiple sources) and is mitigated by upgrading to 1.3.0. Exploitation details are not provided in the supplied documents. Remediation: upgrade to IoTDB 1.3...
CVE-2023-24830
CVE-2023-24830 affects Apache IoTDB, specifically the iotdb-web-workbench component (0.13.0 before 0.13.3). The issue is described as an improper authentication vulnerability that can allow a remote attacker to bypass authorization. The most concrete exploitation detail in the connected sources n...
CVE-2023-51656
CVE-2023-51656 concerns Apache IoTDB's Deserialization of Untrusted Data. The Red Hat/Veracode/CNVD/Sources show the vulnerability affects IoTDB releases 0.13.0–0.13.4 and can lead to arbitrary code execution via deserializing untrusted data. The issue is mitigated by upgrading to IoTDB 1.2.2, wh...
CVE-2022-43766
CVE-2022-43766 affects Apache IoTDB versions 0.12.2–0.12.6 and 0.13.0–0.13.2. The issue is a Denial of Service caused by accepting untrusted REGEXP query patterns when running with Java 8, as described across multiple sources. The fixed release is 0.13.3 or newer, and using a later Java version a...
CVE-2022-38369
CVE-2022-38369 affects Apache IoTDB 0.13.0, vulnerable to a session-id attack (session fixation) that could allow an attacker to hijack a user session. The issue is mitigated by upgrading to IoTDB 0.13.1 . The NVD entry lists a high-severity impact with network exploitation, requiring user intera...
CVE-2023-24831
CVE-2023-24831 affects Apache IoTDB Grafana Connector (0.13.0–0.13.3). It is an improper authentication flaw allowing login without authorization. Fixed in 0.13.4. Remediation: upgrade to 0.13.4+; monitor advisories for patch availability.
CVE-2022-38370
The CVE-2022-38370 issue affects the Apache IoTDB grafana-connector, specifically version 0.13.0, where an interface is exposed without authorization and can reveal internal database structures. The vulnerability is mitigated by upgrading to version 0.13.1, which addresses the issue. Connected so...
CVE-2025-26864
Apache IoTDB OpenIdAuthorizer is affected by CVE-2025-26864, allowing exposure of sensitive information to an unauthorized actor via log files. Affected versions are 0.10.0–1.3.3 and 2.0.1-beta before 2.0.2. The issue’s root cause is an information leakage into logs, enabling disclosure of sensit...
CVE-2023-24829
CVE-2023-24829 involves an Incorrect Authorization vulnerability in the iotdb-web-workbench component of Apache IoTDB. The issue affects iotdb-web-workbench from 0.13.0 up to versions before 0.13.3, and is fixed starting with 0.13.3. iotdb-web-workbench is an optional web console for IoTDB. Conse...
CVE-2025-26795
CVE-2025-26795 affects Apache IoTDB JDBC driver (iotdb-jdbc) versions 0.10.0–1.3.3 and 2.0.1-beta before 2.0.2. Root cause: insertion of sensitive information into log files, leading to exposure to unauthorized actors. Impact is High confidentiality (C:H, I/N/A:N). Affected component is iotdb-jdb...
CVE-2025-48459
CVE-2025-48459 concerns Apache IoTDB, where deserialization of untrusted data could be exploited via attacker-controlled serialized objects. Affected: IoTDB 1.0.0 up to, but not including, 2.0.5. Reports across multiple sources describe potential ability to execute arbitrary code or alter server ...
CVE-2025-48392
Apache IoTDB contains a DoS vulnerability affecting 1.3.3–1.3.4 and 2.0.1-beta–2.0.4. The issue is fixed in 2.0.5. CVSS v3.1 metrics from NVD indicate HIGH impact with Availability loss (A=HIGH) and no confidentiality/integrity impact, network attack vector, low complexity, no auth required. Affe...
CVE-2026-24015
CVE-2026-24015 affects Apache IoTDB and is described in connected records as an Insecure Default Configuration Vulnerability . Affected versions are IoTDB 1.0.0 up to, but not including, 1.3.7 and IoTDB 2.0.0 up to, but not including, 2.0.7. The recommended remediation is to upgrade to IoTDB 1.3....
CVE-2026-24713
CVE-2026-24713 is an Apache IoTDB issue described as an Improper Input Validation vulnerability that affects IoTDB releases prior to 1.3.7 and prior to 2.0.7 (i.e., 1.0.0–1.3.6 and 2.0.0–2.0.6). The connected CVE record additionally labels this as a JEXL Expression Injection vulnerability. Affect...