Lucene search
K
ApacheIotdb

9 matches found

CVE
CVE
added 2020/04/27 4:16 p.m.115 views

CVE-2020-1952

Summary: CVE-2020-1952 affects Apache IoTDB (versions 0.8.0–0.8.2 and 0.9.0–0.9.1). The issue is that the JMX port 31999 is exposed at startup without authentication, allowing remote code execution by an unauthenticated attacker. The connected documents corroborate the same description across mul...

9.8CVSS9.5AI score0.02676EPSS
CVE
CVE
added 2023/12/21 11:47 a.m.103 views

CVE-2023-51656

CVE-2023-51656 concerns Apache IoTDB's Deserialization of Untrusted Data. The Red Hat/Veracode/CNVD/Sources show the vulnerability affects IoTDB releases 0.13.0–0.13.4 and can lead to arbitrary code execution via deserializing untrusted data. The issue is mitigated by upgrading to IoTDB 1.2.2, wh...

9.8CVSS9.5AI score0.01035EPSS
CVE
CVE
added 2025/05/14 10:42 a.m.99 views

CVE-2024-24780

CVE-2024-24780 describes a Remote Code Execution flaw in Apache IoTDB via untrusted UDF (user-defined function) registration. An attacker with the privilege to create UDFs can register a malicious function from an untrusted URI, leading to code execution. Affected products/versions: IoTDB 1.0.0 u...

9.8CVSS7.2AI score0.01304EPSS
CVE
CVE
added 2024/01/15 10:35 a.m.90 views

CVE-2023-46226

CVE-2023-46226 is an RCE issue in Apache IoTDB affecting 1.0.0–1.2.2. The vulnerability is tied to a UDF path/operation (as reflected across multiple sources) and is mitigated by upgrading to 1.3.0. Exploitation details are not provided in the supplied documents. Remediation: upgrade to IoTDB 1.3...

9.8CVSS9.8AI score0.01917EPSS
CVE
CVE
added 2023/04/17 6:42 a.m.78 views

CVE-2023-24831

CVE-2023-24831 affects Apache IoTDB Grafana Connector (0.13.0–0.13.3). It is an improper authentication flaw allowing login without authorization. Fixed in 0.13.4. Remediation: upgrade to 0.13.4+; monitor advisories for patch availability.

9.8CVSS9.4AI score0.01222EPSS
CVE
CVE
added 2026/07/06 8:38 a.m.20 views

CVE-2026-24013

CVE-2026-24013 affects Apache IoTDB (1.3.3–before 2.0.8). The issue is authentication bypass via forged sessionId in Thrift RPC handlers that do not validate sessionId, enabling unauthorized reading of time-series data without openSession authentication. A fix is available in IoTDB 2.0.8; upgrade...

9.1CVSS6AI score0.00471EPSS
CVE
CVE
added 2026/03/09 8:59 a.m.20 views

CVE-2026-24713

CVE-2026-24713 relates to an improper input validation vulnerability in Apache IoTDB. Affected versions are 1.0.0 before 1.3.7 and 2.0.0 before 2.0.7. Upgrading to 1.3.7 or 2.0.7 is recommended as a fix. Some sources describe the impact as potentially enabling remote code execution through crafte...

9.8CVSS5.8AI score0.00662EPSS
CVE
CVE
added 2026/03/09 8:57 a.m.18 views

CVE-2026-24015

CVE-2026-24015 (Apache IoTDB) affects IoTDB releases prior to 1.3.7 and prior to 2.0.7. Affected components include iotdb-server and related libraries (node-commons). Root cause described across sources is an insecure default configuration that allows binding to an unrestricted IP address, enabli...

9.8CVSS5.8AI score0.00584EPSS
CVE
CVE
added 2026/07/06 8:34 a.m.14 views

CVE-2026-24014

CVE-2026-24014 — Apache IoTDB Path Traversal in DataNode Trigger JAR Upload : The issue arises in IoTDB’s DataNode internal RPC interface used to create Trigger instances. The JAR name is used to build a file path without sufficient validation, enabling path traversal if the RPC port is reachable...

9.8CVSS6AI score0.00509EPSS