Vulnerabilities > Apache > Iotdb > High

DATE CVE VULNERABILITY TITLE RISK
2023-01-31 CVE-2023-24829 Unspecified vulnerability in Apache Iotdb 0.13.0/0.13.1/0.13.2
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3.
network
low complexity
apache
8.8
2023-01-30 CVE-2023-24830 Unspecified vulnerability in Apache Iotdb 0.13.0/0.13.1/0.13.2
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3.
network
low complexity
apache
7.5
2022-10-26 CVE-2022-43766 Unspecified vulnerability in Apache Iotdb
Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8.
network
low complexity
apache
7.5
2022-09-05 CVE-2022-38369 Session Fixation vulnerability in Apache Iotdb 0.13.0
Apache IoTDB version 0.13.0 is vulnerable by session id attack.
network
low complexity
apache CWE-384
8.8
2022-09-05 CVE-2022-38370 Missing Authorization vulnerability in Apache Iotdb 0.13.0
Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database.
network
low complexity
apache CWE-862
7.5
2020-12-03 CVE-2020-25649 XXE vulnerability in multiple products
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly.
7.5