Vulnerabilities > Apache > Iotdb

DATE CVE VULNERABILITY TITLE RISK
2024-01-15 CVE-2023-46226 Unspecified vulnerability in Apache Iotdb 1.0.0/1.1.0/1.2.2
Remote Code Execution vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue.
network
low complexity
apache
critical
9.8
2023-12-21 CVE-2023-51656 Unspecified vulnerability in Apache Iotdb
Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue.
network
low complexity
apache
critical
9.8
2023-04-17 CVE-2023-24831 Unspecified vulnerability in Apache Iotdb 0.13.0/0.13.1/0.13.2
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could login without authorization.
network
low complexity
apache
critical
9.8
2023-01-31 CVE-2023-24829 Unspecified vulnerability in Apache Iotdb 0.13.0/0.13.1/0.13.2
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3.
network
low complexity
apache
8.8
2023-01-30 CVE-2023-24830 Unspecified vulnerability in Apache Iotdb 0.13.0/0.13.1/0.13.2
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3.
network
low complexity
apache
7.5
2022-10-26 CVE-2022-43766 Unspecified vulnerability in Apache Iotdb
Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8.
network
low complexity
apache
7.5
2022-09-05 CVE-2022-38369 Session Fixation vulnerability in Apache Iotdb 0.13.0
Apache IoTDB version 0.13.0 is vulnerable by session id attack.
network
low complexity
apache CWE-384
8.8
2022-09-05 CVE-2022-38370 Missing Authorization vulnerability in Apache Iotdb 0.13.0
Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database.
network
low complexity
apache CWE-862
7.5
2020-12-03 CVE-2020-25649 XXE vulnerability in multiple products
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly.
7.5
2020-04-27 CVE-2020-1952 Improper Certificate Validation vulnerability in Apache Iotdb
An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2.
network
low complexity
apache CWE-295
critical
9.8