CVE-2020-1952 – org.apache.iotdb:iotdb-parent
Package
Manager: maven
Name: org.apache.iotdb:iotdb-parent
Vulnerable Version: >=0 <0.9.2
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.01653 (percentile 0.81304)
Details
Improper Certificate Validation in Apache IoTDB
An issue was found in Apache IoTDB 0.9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification. Clients could then execute code remotely.
Metadata
Created: 2022-01-06T19:45:30Z
Modified: 2021-05-25T20:27:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-wc6f-cjcp-cc33/GHSA-wc6f-cjcp-cc33.json
CWE IDs: ["CWE-295"]
Alternative ID: GHSA-wc6f-cjcp-cc33
Finding: F163
Auto approve: 1