Description
An issue was found in Apache IoTDB 0.9.0 to 0.9.1 and 0.8.0 to 0.8.2. When IoTDB starts, JMX port 31999 is exposed with no authentication, so clients could execute code remotely.
Remediation
References
https://lists.apache.org/thread.html/r3d2ff899ead64d2952fdc1fbb1f520ca42011ed2b4c7f786e921f6b9%40%3Cdev.iotdb.apache.org%3E