CVE-2020-1952 Vulnerability in maven package org.apache.iotdb:iotdb-server

Description

An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely.

Remediation

References

https://lists.apache.org/thread.html/r3d2ff899ead64d2952fdc1fbb1f520ca42011ed2b4c7f786e921f6b9%40%3Cdev.iotdb.apache.org%3E

Related Vulnerabilities

CVE-2017-1000401 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2020-2125 Vulnerability in maven package ru.yandex.jenkins.plugins.debuilder:debian-package-builder

CVE-2021-41182 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui

CVE-2016-7103 Vulnerability in maven package org.webjars:jquery-ui

CVE-2014-0074 Vulnerability in maven package org.apache.shiro:shiro-core

Severity

Critical

Classification

CWE-295 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H