Published: 27/04/2020 Updated: 04/05/2020

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache iotdb

oss-sec mailing list archives   By Date By Thread </form>    [CVE-2020-1952] Apache IoTDB (incubating) Remote Code execution vulnerability  <!--X-Head-of-Mess ...

Hi there 👋 About Me 🐼 前奇安信某实验室成员 🐱 擅长代码审计 java/go/python 🐶 CVE-2020-1947(Apache ShardingShpere RCE) CVE-2020-1952(Apache IotDb RCE) CVE-2020-11974(Apache DolphinScheduler RCE) CVE-2021-37580(Apache ShenYu Auth Bypass) 🐻 目前就职于甲方安全建设与安全开发 🐒 时不时写点文章或者一些工具

CWE-295 https://lists.apache.org/thread.html/r3d2ff899ead64d2952fdc1fbb1f520ca42011ed2b4c7f786e921f6b9%40%3Cdev.iotdb.apache.org%3E https://nvd.nist.gov https://github.com/langligelang/langligelang http://seclists.org/oss-sec/2020/q2/73

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-1952

Vulnerability Summary

Vulnerability Trend

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect