Vulnerabilities (CVE)

Filtered by vendor Apache Subscribe
Filtered by product Iotdb
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25649 6 Apache, Fasterxml, Fedoraproject and 3 more 38 Iotdb, Jackson-databind, Fedora and 35 more 2022-07-25 5.0 MEDIUM 7.5 HIGH
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
CVE-2020-1952 1 Apache 1 Iotdb 2020-05-04 7.5 HIGH 9.8 CRITICAL
An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely.