Jialin Qiao

**Name of the Vulnerable Software and Affected Versions** Apache IoTDB Grafana Connector versions 0.13.0 through 0.13.3 **Description** The issue is related to improper authentication, allowing attackers to log in without authorization. This is a significant security concern as it could lead to unauthorized access to sensitive data or systems. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For versions 0.13.0 through 0.13.3, update to version 0.13.4 to resolve the issue. As a temporary workaround, consider restricting access to the affected system until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** Apache IoTDB iotdb-web-workbench version 0.13.3 **Description** The issue is related to an Incorrect Authorization vulnerability in the iotdb-web-workbench component of Apache IoTDB. This component provides a web console for the database and is an optional part of IoTDB. The problem has been fixed from version 0.13.4 of iotdb-web-workbench onwards. **Recommendations** For version 0.13.3 of iotdb-web-workbench, update to version 0.13.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the iotdb-web-workbench component until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** Apache IoTDB iotdb-web-workbench versions 0.13.0 through 0.13.2 **Description** The issue is related to an Incorrect Authorization vulnerability in the iotdb-web-workbench component of Apache IoTDB. This component provides a web console for the database and is an optional part of IoTDB. The vulnerability can be exploited by a remote attacker to elevate their privileges. **Recommendations** For versions 0.13.0 through 0.13.2, update to version 0.13.3 or later of the iotdb-web-workbench component to resolve the issue. As a temporary workaround, consider restricting access to the iotdb-web-workbench component until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** Apache IoTDB versions 0.13.0 through 0.13.2 **Description** The issue is related to an Improper Authentication vulnerability in the Apache Software Foundation Apache IoTDB, specifically affecting the iotdb-web-workbench component. This vulnerability may allow unauthorized access. **Recommendations** For Apache IoTDB versions 0.13.0 through 0.13.2, update to version 0.13.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the iotdb-web-workbench component until a patch is applied.