9 matches found
CVE-2020-1952
Summary: CVE-2020-1952 affects Apache IoTDB (versions 0.8.0–0.8.2 and 0.9.0–0.9.1). The issue is that the JMX port 31999 is exposed at startup without authentication, allowing remote code execution by an unauthenticated attacker. The connected documents corroborate the same description across mul...
CVE-2023-51656
CVE-2023-51656 concerns Apache IoTDB's Deserialization of Untrusted Data. The Red Hat/Veracode/CNVD/Sources show the vulnerability affects IoTDB releases 0.13.0–0.13.4 and can lead to arbitrary code execution via deserializing untrusted data. The issue is mitigated by upgrading to IoTDB 1.2.2, wh...
CVE-2024-24780
CVE-2024-24780 describes a Remote Code Execution flaw in Apache IoTDB via untrusted UDF (user-defined function) registration. An attacker with the privilege to create UDFs can register a malicious function from an untrusted URI, leading to code execution. Affected products/versions: IoTDB 1.0.0 u...
CVE-2023-46226
CVE-2023-46226 is an RCE issue in Apache IoTDB affecting 1.0.0–1.2.2. The vulnerability is tied to a UDF path/operation (as reflected across multiple sources) and is mitigated by upgrading to 1.3.0. Exploitation details are not provided in the supplied documents. Remediation: upgrade to IoTDB 1.3...
CVE-2023-24831
CVE-2023-24831 affects Apache IoTDB Grafana Connector (0.13.0–0.13.3). It is an improper authentication flaw allowing login without authorization. Fixed in 0.13.4. Remediation: upgrade to 0.13.4+; monitor advisories for patch availability.
CVE-2026-24013
CVE-2026-24013 affects Apache IoTDB (1.3.3–before 2.0.8). The issue is authentication bypass via forged sessionId in Thrift RPC handlers that do not validate sessionId, enabling unauthorized reading of time-series data without openSession authentication. A fix is available in IoTDB 2.0.8; upgrade...
CVE-2026-24713
CVE-2026-24713 relates to an improper input validation vulnerability in Apache IoTDB. Affected versions are 1.0.0 before 1.3.7 and 2.0.0 before 2.0.7. Upgrading to 1.3.7 or 2.0.7 is recommended as a fix. Some sources describe the impact as potentially enabling remote code execution through crafte...
CVE-2026-24015
CVE-2026-24015 (Apache IoTDB) affects IoTDB releases prior to 1.3.7 and prior to 2.0.7. Affected components include iotdb-server and related libraries (node-commons). Root cause described across sources is an insecure default configuration that allows binding to an unrestricted IP address, enabli...
CVE-2026-24014
CVE-2026-24014 — Apache IoTDB Path Traversal in DataNode Trigger JAR Upload : The issue arises in IoTDB’s DataNode internal RPC interface used to create Trigger instances. The JAR name is used to build a file path without sufficient validation, enabling path traversal if the RPC port is reachable...