4 matches found
CVE-2023-51656
CVE-2023-51656 concerns Apache IoTDB's Deserialization of Untrusted Data. The Red Hat/Veracode/CNVD/Sources show the vulnerability affects IoTDB releases 0.13.0–0.13.4 and can lead to arbitrary code execution via deserializing untrusted data. The issue is mitigated by upgrading to IoTDB 1.2.2, wh...
CVE-2023-24830
CVE-2023-24830 affects Apache IoTDB, specifically the iotdb-web-workbench component (0.13.0 before 0.13.3). The issue is described as an improper authentication vulnerability that can allow a remote attacker to bypass authorization. The most concrete exploitation detail in the connected sources n...
CVE-2023-24831
CVE-2023-24831 affects Apache IoTDB Grafana Connector (0.13.0–0.13.3). It is an improper authentication flaw allowing login without authorization. Fixed in 0.13.4. Remediation: upgrade to 0.13.4+; monitor advisories for patch availability.
CVE-2023-24829
CVE-2023-24829 involves an Incorrect Authorization vulnerability in the iotdb-web-workbench component of Apache IoTDB. The issue affects iotdb-web-workbench from 0.13.0 up to versions before 0.13.3, and is fixed starting with 0.13.3. iotdb-web-workbench is an optional web console for IoTDB. Conse...