
CVE-2024-36448 – Apache IoTDB Workbench: SSRF Vulnerability (EOL)
https://notcve.org/view.php?id=CVE-2024-36448
05 Aug 2024 — Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench. This issue affects Apache IoTDB Workbench: from 0.13.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. ** UNSUPPORTED WHEN ASSIGNED ** • https://lists.apache.org/thread/d19p0vsm7nogp43q9m3tzm5jl6mzjj1x • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2023-46226 – Apache IoTDB: Remote Code Execution (RCE) risk via the UDF
https://notcve.org/view.php?id=CVE-2023-46226
15 Jan 2024 — Remote Code Execution vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue. • http://www.openwall.com/lists/oss-security/2024/01/15/1 •

CVE-2023-51656 – Apache IoTDB: Unsafe deserialize map in Sync Tool
https://notcve.org/view.php?id=CVE-2023-51656
21 Dec 2023 — Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue. • http://www.openwall.com/lists/oss-security/2023/12/21/5 • CWE-502: Deserialization of Untrusted Data •

CVE-2023-30771 – Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench
https://notcve.org/view.php?id=CVE-2023-30771
17 Apr 2023 — Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console for the database. This problem is fixed from version 0.13.4 of iotdb-web-workbench onwards. • http://www.openwall.com/lists/oss-security/2023/04/18/7 • CWE-863: Incorrect Authorization •

CVE-2023-24831 – Apache IoTDB grafana-connector Login Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-24831
17 Apr 2023 — Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could log in without authorization. This is fixed in 0.13.4. • https://lists.apache.org/thread/3dgvzgstycf8b5hyf4z3n7cqdhcyln3l • CWE-287: Improper Authentication •

CVE-2023-24829 – Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench
https://notcve.org/view.php?id=CVE-2023-24829
31 Jan 2023 — Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console for the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards. • https://lists.apache.org/thread/l0b59hh046tyn4gqot0bdrpg8gxlksmo • CWE-863: Incorrect Authorization •

CVE-2023-24830 – Apache IoTDB Workbench: apache/iotdb-web-workbench: create a user without authorization
https://notcve.org/view.php?id=CVE-2023-24830
30 Jan 2023 — Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component: from 0.13.0 before 0.13.3. • https://lists.apache.org/thread/l4fon37687jz5ohgsnz2ko9fv400915t • CWE-287: Improper Authentication •

CVE-2022-43766 – Apache IoTDB prior to 0.13.3 allows DoS
https://notcve.org/view.php?id=CVE-2022-43766
26 Oct 2022 — Apache IoTDB versions 0.12.2 through 0.12.6 and 0.13.0 through 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3, which addresses this issue, or use a later version of Java to avoid it. • https://lists.apache.org/thread/9pgpb82p5brooy41n8l5q0y9h33db2zn •

CVE-2022-38370 – No authorization of DatabaseConnectController in grafana-connector.
https://notcve.org/view.php?id=CVE-2022-38370
05 Sep 2022 — Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of the database. Users should upgrade to version 0.13.1, which addresses this issue. • http://www.openwall.com/lists/oss-security/2022/09/05/2 • CWE-862: Missing Authorization •

CVE-2022-38369 – Login check vulnerability by session Id
https://notcve.org/view.php?id=CVE-2022-38369
05 Sep 2022 — Apache IoTDB version 0.13.0 is vulnerable to a session ID attack. Users should upgrade to version 0.13.1, which addresses this issue. • http://www.openwall.com/lists/oss-security/2022/09/05/1 • CWE-384: Session Fixation •