Lucene search
K

5 matches found

CVE
CVE
added 2025/05/14 10:42 a.m.98 views

CVE-2024-24780

CVE-2024-24780 describes a Remote Code Execution flaw in Apache IoTDB via untrusted UDF (user-defined function) registration. An attacker with the privilege to create UDFs can register a malicious function from an untrusted URI, leading to code execution. Affected products/versions: IoTDB 1.0.0 u...

9.8CVSS7.2AI score0.01304EPSS
CVE
CVE
added 2025/05/14 10:44 a.m.61 views

CVE-2025-26864

Apache IoTDB OpenIdAuthorizer is affected by CVE-2025-26864, allowing exposure of sensitive information to an unauthorized actor via log files. Affected versions are 0.10.0–1.3.3 and 2.0.1-beta before 2.0.2. The issue’s root cause is an information leakage into logs, enabling disclosure of sensit...

7.5CVSS6.5AI score0.00709EPSS
CVE
CVE
added 2025/05/14 10:43 a.m.56 views

CVE-2025-26795

CVE-2025-26795 affects Apache IoTDB JDBC driver (iotdb-jdbc) versions 0.10.0–1.3.3 and 2.0.1-beta before 2.0.2. Root cause: insertion of sensitive information into log files, leading to exposure to unauthorized actors. Impact is High confidentiality (C:H, I/N/A:N). Affected component is iotdb-jdb...

7.5CVSS6.5AI score0.00709EPSS
CVE
CVE
added 2025/09/24 7:57 a.m.38 views

CVE-2025-48459

CVE-2025-48459 concerns Apache IoTDB, where deserialization of untrusted data could be exploited via attacker-controlled serialized objects. Affected: IoTDB 1.0.0 up to, but not including, 2.0.5. Reports across multiple sources describe potential ability to execute arbitrary code or alter server ...

5.3CVSS6.6AI score0.00457EPSS
CVE
CVE
added 2025/09/24 7:59 a.m.26 views

CVE-2025-48392

Apache IoTDB contains a DoS vulnerability affecting 1.3.3–1.3.4 and 2.0.1-beta–2.0.4. The issue is fixed in 2.0.5. CVSS v3.1 metrics from NVD indicate HIGH impact with Availability loss (A=HIGH) and no confidentiality/integrity impact, network attack vector, low complexity, no auth required. Affe...

7.5CVSS6.6AI score0.00562EPSS