Apache Iotdb
By the Year
In 2023 there have been 2 vulnerabilities in Apache Iotdb with an average score of 8.2 out of ten. Last year Iotdb had 3 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Iotdb in 2023 could surpass last year's number. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.22.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 2 | 8.15 |
2022 | 3 | 7.93 |
2021 | 0 | 0.00 |
2020 | 2 | 8.65 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Iotdb vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Apache Iotdb Security Vulnerabilities
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component
CVE-2023-24829
8.8 - High
- January 31, 2023
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards.
AuthZ
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component:
CVE-2023-24830
7.5 - High
- January 30, 2023
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3.
Authentication
Apache IoTDB version 0.12.2 to 0.12.6
CVE-2022-43766
7.5 - High
- October 26, 2022
Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it.
Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization
CVE-2022-38370
7.5 - High
- September 05, 2022
Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue.
AuthZ
Apache IoTDB version 0.13.0 is vulnerable by session id attack
CVE-2022-38369
8.8 - High
- September 05, 2022
Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue.
Session Fixation
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly
CVE-2020-25649
7.5 - High
- December 03, 2020
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
XXE
An issue was found in Apache IoTDB 0.9.0 to 0.9.1 and 0.8.0 to 0.8.2
CVE-2020-1952
9.8 - Critical
- April 27, 2020
An issue was found in Apache IoTDB 0.9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification. Clients could then execute code remotely.
Improper Certificate Validation