Description

An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely.

Remediation

References

https://lists.apache.org/thread.html/r3d2ff899ead64d2952fdc1fbb1f520ca42011ed2b4c7f786e921f6b9%40%3Cdev.iotdb.apache.org%3E

Related Vulnerabilities

CVE-2021-36152 Vulnerability in maven package org.apache.gobblin:gobblin-core

CVE-2014-0363 Vulnerability in maven package org.igniterealtime.smack:smack-core

CVE-2017-11479 Vulnerability in npm package kibana

CVE-2020-17519 Vulnerability in maven package org.apache.flink:flink-runtime_2.11

CVE-2020-2188 Vulnerability in maven package org.jenkins-ci.plugins:ec2

Severity

Critical

Classification

CWE-295 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory