Apache IoTDB Security Vulnerabilities

By the Year

In 2024 there has been 1 vulnerability in Apache IoTDB, with an average score of 9.8 out of ten. Last year IoTDB had 5 security vulnerabilities published. Right now, IoTDB is on track to have fewer security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.66.

Year Vulnerabilities Average Score
2024 1 9.80
2023 5 9.14
2022 3 7.93
2021 0 0.00
2020 2 8.65
2019 0 0.00
2018 0 0.00

It may take a day or so for new IoTDB vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Apache IoTDB Security Vulnerabilities

Remote Code Execution vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 through 1.2.2

CVE-2023-46226 9.8 - Critical - January 15, 2024

Remote Code Execution vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue.

Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 through 0.13.4

CVE-2023-51656 9.8 - Critical - December 21, 2023

Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue.

Marshaling, Unmarshaling

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component on 0.13.3

CVE-2023-30771 9.8 - Critical - April 17, 2023

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console for the database. This problem is fixed from version 0.13.4 of iotdb-web-workbench onwards.

AuthZ

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector:

CVE-2023-24831 9.8 - Critical - April 17, 2023

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could log in without authorization. This is fixed in 0.13.4.

Authentication

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component

CVE-2023-24829 8.8 - High - January 31, 2023

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console for the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards.

AuthZ

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component:

CVE-2023-24830 7.5 - High - January 30, 2023

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component: from 0.13.0 before 0.13.3.

Authentication

Apache IoTDB version 0.12.2 to 0.12.6

CVE-2022-43766 7.5 - High - October 26, 2022

Apache IoTDB versions 0.12.2 to 0.12.6 and 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3, which addresses this issue, or use a later version of Java to avoid it.

Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization

CVE-2022-38370 7.5 - High - September 05, 2022

Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of the database. Users should upgrade to version 0.13.1, which addresses this issue.

AuthZ

Apache IoTDB version 0.13.0 is vulnerable to a session id attack

CVE-2022-38369 8.8 - High - September 05, 2022

Apache IoTDB version 0.13.0 is vulnerable to a session id attack. Users should upgrade to version 0.13.1, which addresses this issue.

Session Fixation

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly

CVE-2020-25649 7.5 - High - December 03, 2020

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

XXE

An issue was found in Apache IoTDB 0.9.0 to 0.9.1 and 0.8.0 to 0.8.2

CVE-2020-1952 9.8 - Critical - April 27, 2020

An issue was found in Apache IoTDB 0.9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification. Then, clients could execute code remotely.

Improper Certificate Validation
