Description
An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely.
Remediation
References
https://lists.apache.org/thread.html/r3d2ff899ead64d2952fdc1fbb1f520ca42011ed2b4c7f786e921f6b9%40%3Cdev.iotdb.apache.org%3E
Related Vulnerabilities
CVE-2019-0205 Vulnerability in maven package org.apache.thrift:libthrift
CVE-2021-21179 Vulnerability in maven package org.webjars.npm:electron
CVE-2019-13416 Vulnerability in maven package com.floragunn:search-guard-6
CVE-2018-1000191 Vulnerability in maven package com.blackducksoftware.integration:blackduck-detect
CVE-2022-32549 Vulnerability in maven package org.apache.sling:org.apache.sling.api