A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue.
The detailed mechanism of the vulnerability has not been disclosed in the available description. The attack vector (AV:N/AC:L/PR:N/UI:N) indicates that the exploit can be conducted remotely over the network, without the need for privileges or user interaction. CWE-1327 suggests improper management or validation in the security area.
An attacker can gain full control over the vulnerable system, which includes unauthorized access to data (confidentiality), ability to modify it (integrity), and disruption of service (availability).
Apache IoTDB should be updated as soon as possible to version 1.3.7 (for 1.x branch) or 2.0.7 (for 2.x branch), which contain a patch eliminating the described vulnerability.
Apache IoTDB in versions from 1.0.0 to 1.3.7 (excluding 1.3.7) and from 2.0.0 to 2.0.7 (excluding 2.0.7)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApache Iotdb
APPApache1.0.0 – 1.3.7 (bez)2.0.0 – 2.0.7 (bez)
Related vulnerabilities
Nieprawidłowa walidacja danych wejściowych w Apache IoTDB — RCE/injection
Apache IoTDB: RCE przez rejestrację złośliwej funkcji UDF z niezaufanego URI
RCE w Apache IoTDB — zdalne wykonanie kodu bez uwierzytelnienia
Deserializacja niezaufanych danych w Apache IoTDB (RCE)
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoT...