Lucene search
K
ApacheIotdb

8 matches found

CVE
CVE
added 2020/12/03 4:16 p.m.614 views

CVE-2020-25649

The CVE-2020-25649 entry concerns a flaw in FasterXML Jackson Databind where entity expansion was not properly secured, enabling XML External Entity (XXE) attacks. This is a data-integrity risk. Connected advisories consistently associate the issue with Jackson Databind and XXE, and several sourc...

7.5CVSS7.3AI score0.17611EPSS
CVE
CVE
added 2023/01/30 4:25 p.m.86 views

CVE-2023-24830

CVE-2023-24830 affects Apache IoTDB, specifically the iotdb-web-workbench component (0.13.0 before 0.13.3). The issue is described as an improper authentication vulnerability that can allow a remote attacker to bypass authorization. The most concrete exploitation detail in the connected sources n...

7.5CVSS7.5AI score0.01331EPSS
CVE
CVE
added 2022/10/26 12:0 a.m.83 views

CVE-2022-43766

CVE-2022-43766 affects Apache IoTDB versions 0.12.2–0.12.6 and 0.13.0–0.13.2. The issue is a Denial of Service caused by accepting untrusted REGEXP query patterns when running with Java 8, as described across multiple sources. The fixed release is 0.13.3 or newer, and using a later Java version a...

7.5CVSS7.5AI score0.01341EPSS
CVE
CVE
added 2022/09/05 9:50 a.m.72 views

CVE-2022-38370

The CVE-2022-38370 issue affects the Apache IoTDB grafana-connector, specifically version 0.13.0, where an interface is exposed without authorization and can reveal internal database structures. The vulnerability is mitigated by upgrading to version 0.13.1, which addresses the issue. Connected so...

7.5CVSS7.5AI score0.01146EPSS
CVE
CVE
added 2025/05/14 10:44 a.m.61 views

CVE-2025-26864

Apache IoTDB OpenIdAuthorizer is affected by CVE-2025-26864, allowing exposure of sensitive information to an unauthorized actor via log files. Affected versions are 0.10.0–1.3.3 and 2.0.1-beta before 2.0.2. The issue’s root cause is an information leakage into logs, enabling disclosure of sensit...

7.5CVSS6.5AI score0.00709EPSS
CVE
CVE
added 2025/05/14 10:43 a.m.56 views

CVE-2025-26795

CVE-2025-26795 affects Apache IoTDB JDBC driver (iotdb-jdbc) versions 0.10.0–1.3.3 and 2.0.1-beta before 2.0.2. Root cause: insertion of sensitive information into log files, leading to exposure to unauthorized actors. Impact is High confidentiality (C:H, I/N/A:N). Affected component is iotdb-jdb...

7.5CVSS6.5AI score0.00709EPSS
CVE
CVE
added 2025/09/24 7:59 a.m.26 views

CVE-2025-48392

Apache IoTDB contains a DoS vulnerability affecting 1.3.3–1.3.4 and 2.0.1-beta–2.0.4. The issue is fixed in 2.0.5. CVSS v3.1 metrics from NVD indicate HIGH impact with Availability loss (A=HIGH) and no confidentiality/integrity impact, network attack vector, low complexity, no auth required. Affe...

7.5CVSS6.6AI score0.00562EPSS
CVE
CVE
added last week13 views

CVE-2026-24012

CVE-2026-24012 – Apache IoTDB Denial of Service via Resource Exhaustion Description: An interface fails to cap the time span and aggregation interval of queries. An attacker can request an extremely large time range with a tiny interval, causing the DataNode to build an enormous result set in mem...

7.5CVSS6AI score0.00546EPSS