Description
An issue was found in Apache IoTDB 0.9.0 to 0.9.1 and 0.8.0 to 0.8.2. When IoTDB starts, JMX port 31999 is exposed without authentication. Clients could then execute code remotely.
Remediation
References
https://lists.apache.org/thread.html/r3d2ff899ead64d2952fdc1fbb1f520ca42011ed2b4c7f786e921f6b9%40%3Cdev.iotdb.apache.org%3E