
CVE-2025-26864 – Apache IoTDB: Exposure of Sensitive Information in IoTDB OpenID Authentication
https://notcve.org/view.php?id=CVE-2025-26864
14 May 2025 — Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue. • https://lists.apache.org/thread/2kcjnlypppk8qjh17dpz0jvkcpn6l162 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-532: Insertion of Sensitive Information into Log File

CVE-2025-26795 – Apache IoTDB JDBC driver: Exposure of Sensitive Information in IoTDB JDBC driver
https://notcve.org/view.php?id=CVE-2025-26795
14 May 2025 — Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver. This issue affects iotdb-jdbc: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 2.0.2 and 1.3.4, which fix the issue. • https://lists.apache.org/thread/bj0ytxr5wg0c4jw8xm7rhfd8ogho0r91 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-532: Insertion of Sensitive Information into Log File

CVE-2024-24780 – Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function
https://notcve.org/view.php?id=CVE-2024-24780
14 May 2025 — Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. An attacker who has the privilege to create a UDF can register a malicious function from an untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes the issue. • https://lists.apache.org/thread/xphtm98v3zsk9vlpfh481m1ry2ctxvmj • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-36448 – Apache IoTDB Workbench: SSRF Vulnerability (EOL)
https://notcve.org/view.php?id=CVE-2024-36448
05 Aug 2024 — Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench. This issue affects Apache IoTDB Workbench: from 0.13.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. ** UNSUPPORTED WHEN ASSIGNED ** • https://lists.apache.org/thread/d19p0vsm7nogp43q9m3tzm5jl6mzjj1x • CWE-918: Server-Side Request Forgery (SSRF)