Description

An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely.

Remediation

References

https://lists.apache.org/thread.html/r3d2ff899ead64d2952fdc1fbb1f520ca42011ed2b4c7f786e921f6b9%40%3Cdev.iotdb.apache.org%3E

Related Vulnerabilities

CVE-2016-0734 Vulnerability in maven package org.apache.activemq:activemq-parent

CVE-2017-15683 Vulnerability in maven package org.craftercms:crafter-studio

CVE-2015-7536 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2023-34238 Vulnerability in npm package gatsby-transformer-remark

CVE-2022-32533 Vulnerability in maven package org.apache.portals.jetspeed-2:jetspeed

Severity

Critical

Classification

CWE-295 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory