Description

An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely.

Remediation

References

https://lists.apache.org/thread.html/r3d2ff899ead64d2952fdc1fbb1f520ca42011ed2b4c7f786e921f6b9%40%3Cdev.iotdb.apache.org%3E

Related Vulnerabilities

CVE-2023-46660 Vulnerability in maven package org.jenkins-ci.plugins:zanata

CVE-2018-8006 Vulnerability in maven package org.apache.activemq:activemq-web-console

CVE-2012-3451 Vulnerability in maven package org.apache.cxf:cxf-bundle-jaxrs

CVE-2023-25158 Vulnerability in maven package org.geotools:gt-main

CVE-2013-4590 Vulnerability in maven package org.apache.tomcat:jasper

Severity

Critical

Classification

CWE-295 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory