Search Results (24 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-38370 1 Apache 1 Iotdb 2024-11-21 7.5 High
Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue.
CVE-2022-38369 1 Apache 1 Iotdb 2024-11-21 8.8 High
Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue.
CVE-2020-25649 7 Apache, Fasterxml, Fedoraproject and 4 more 50 Iotdb, Jackson-databind, Fedora and 47 more 2024-11-21 7.5 High
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
CVE-2020-1952 1 Apache 1 Iotdb 2024-11-21 9.8 Critical
An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely.