PT-2024-1462 · Apache · Apache IoTDB

Glassy · Published 2024-01-15 · Updated 2024-01-22 · CVE-2023-46226

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apache IoTDB versions 1.0.0 through 1.2.2

Description

The issue is a Remote Code Execution vulnerability in Apache IoTDB, which exists due to insufficient input validation. This allows a remote attacker to execute arbitrary code. Users are recommended to upgrade to a fixed version.

Recommendations

For Apache IoTDB versions 1.0.0 through 1.2.2, upgrade to version 1.3.0, which fixes the issue.

Fix

Code Injection

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-00947
CVE-2023-46226
GHSA-RXGG-273W-RFW7
PYSEC-2024-11

Affected Products

Apache IoTDB