12 results (0.003 seconds)

CVSS: -EPSS: 0%CPEs: 1EXPL: 0

Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench. This issue affects Apache IoTDB Workbench: from 0.13.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://lists.apache.org/thread/d19p0vsm7nogp43q9m3tzm5jl6mzjj1x • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Remote Code Execution vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue. Vulnerabilidad de ejecución remota de código en Apache IoTDB. Este problema afecta a Apache IoTDB: desde 1.0.0 hasta 1.2.2. Se recomienda a los usuarios actualizar a la versión 1.3.0, que soluciona el problema. • http://www.openwall.com/lists/oss-security/2024/01/15/1 https://lists.apache.org/thread/293b4ob65ftnfwyf62fb9zh8gwdy38hg •

CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0

Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue. Vulnerabilidad de deserialización de datos no confiables en Apache IoTDB. Este problema afecta a Apache IoTDB: desde 0.13.0 hasta 0.13.4. Se recomienda a los usuarios actualizar a la versión 1.2.2, que soluciona el problema. • http://www.openwall.com/lists/oss-security/2023/12/21/5 https://lists.apache.org/thread/zy3klwpv11vl5n65josbfo2fyzxg3dxc • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8EPSS: 8%CPEs: 1EXPL: 0

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.4 of iotdb-web-workbench onwards. • http://www.openwall.com/lists/oss-security/2023/04/18/7 https://lists.apache.org/thread/08nc3dr6lshfppx0pzmz5vbggdnzpojb • CWE-863: Incorrect Authorization •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could login without authorization. This is fixed in 0.13.4. • https://lists.apache.org/thread/3dgvzgstycf8b5hyf4z3n7cqdhcyln3l • CWE-287: Improper Authentication •