PT-2020-5583 · Apache · Apache Iotdb

Published

2020-04-27

Updated

2022-01-06

CVE-2020-1952

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Apache IoTDB versions 0.8.0 through 0.8.2 Apache IoTDB versions 0.9.0 through 0.9.1

Description The issue is related to the exposure of the JMX port 31999 without certification in Apache IoTDB, allowing remote code execution. When IoTDB is started, this port is exposed, enabling clients to execute code remotely.

Recommendations For Apache IoTDB versions 0.8.0 through 0.8.2, consider disabling the JMX port 31999 until a patch is available. For Apache IoTDB versions 0.9.0 through 0.9.1, consider disabling the JMX port 31999 until a patch is available.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

BDU:2021-01204

CVE-2020-1952

GHSA-WC6F-CJCP-CC33

Affected Products

Apache Iotdb

PT-2020-5583 · Apache · Apache Iotdb

CVE-2020-1952

Weakness Enumeration

Related Identifiers

Affected Products

References · 6