CVE-2020-1952 Vulnerability in maven package org.apache.iotdb:iotdb-server

Description

An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely.

Remediation

References

https://lists.apache.org/thread.html/r3d2ff899ead64d2952fdc1fbb1f520ca42011ed2b4c7f786e921f6b9%40%3Cdev.iotdb.apache.org%3E

Related Vulnerabilities

CVE-2022-43410 Vulnerability in maven package org.jenkins-ci.plugins:mercurial

CVE-2023-5720 Vulnerability in maven package io.quarkus:quarkus-project

CVE-2023-30542 Vulnerability in npm package @openzeppelin/contracts-upgradeable

CVE-2022-36912 Vulnerability in maven package org.jenkins-ci.plugins:openstack-heat

CVE-2019-10458 Vulnerability in maven package org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline

Severity

Critical

Classification

CWE-295 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H