CVE-2020-1952 Vulnerability in maven package org.apache.iotdb:iotdb-server

Description

An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely.

Remediation

References

https://lists.apache.org/thread.html/r3d2ff899ead64d2952fdc1fbb1f520ca42011ed2b4c7f786e921f6b9%40%3Cdev.iotdb.apache.org%3E

Related Vulnerabilities

CVE-2019-11269 Vulnerability in maven package org.springframework.security.oauth:spring-security-oauth2

CVE-2018-5382 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on

CVE-2022-28220 Vulnerability in maven package org.apache.james.protocols:protocols-netty

CVE-2015-0250 Vulnerability in maven package org.apache.xmlgraphics:batik-transcoder

CVE-2014-2059 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

Critical

Classification

CWE-295 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H