cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-36448,https://securityvulnerability.io/vulnerability/CVE-2024-36448,UNSUPPORTED: Apache IoTDB Workbench SSRF Vulnerability Affects Retired Product,"A Server-Side Request Forgery (SSRF) vulnerability exists in the Apache IoTDB Workbench, specifically beginning from version 0.13.0. This issue arises due to a lack of adequate input validation, permitting attackers to craft requests to internal systems and potentially expose sensitive information. As Apache IoTDB Workbench is an unsupported project, no patches or updates are planned to mitigate this vulnerability. Users are advised to either seek alternative solutions or enforce strict access controls to limit exposure to trusted users only.",Apache,Apache Iotdb Workbench,7.3,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2024-08-05T09:53:38.194Z,0
CVE-2023-46226,https://securityvulnerability.io/vulnerability/CVE-2023-46226,Apache IoTDB: Remote Code Execution (RCE) risk via the UDF,"A vulnerability in Apache IoTDB allows remote attackers to execute arbitrary code on the target server due to improper handling of user input. This issue affects multiple versions, specifically from 1.0.0 through 1.2.2. Users are strongly encouraged to upgrade to version 1.3.0 or later, where this vulnerability has been resolved, ensuring the protection of their systems against potential malicious exploits.",Apache,Apache IoTDB,9.8,CRITICAL,0.005260000005364418,false,,false,false,false,,,false,false,,2024-01-15T10:35:49.810Z,0
CVE-2023-51656,https://securityvulnerability.io/vulnerability/CVE-2023-51656,Apache IoTDB: Unsafe deserialize map in Sync Tool,"A deserialization of untrusted data vulnerability exists in Apache IoTDB versions 0.13.0 to 0.13.4, which could allow an attacker to manipulate the application's behavior by crafting malicious input data. It is crucial for users to upgrade to version 1.2.2 to remediate this issue, ensuring the security and integrity of data processing within IoTDB environments.",Apache,Apache IoTDB,9.8,CRITICAL,0.04032000154256821,false,,false,false,false,,,false,false,,2023-12-21T12:15:00.000Z,0
CVE-2023-30771,https://securityvulnerability.io/vulnerability/CVE-2023-30771,Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench,"An incorrect authorization vulnerability exists in the iotdb-web-workbench component of Apache IoTDB, affecting version 0.13.3. This component serves as a web console for database management but lacks proper authorization checks, potentially allowing unauthorized users to access secured functions. Users are advised to upgrade to version 0.13.4 or later to mitigate this security risk.",Apache,Apache Iotdb Workbench,9.8,CRITICAL,0.04585999995470047,false,,false,false,false,,,false,false,,2023-04-17T08:15:00.000Z,0
CVE-2023-24831,https://securityvulnerability.io/vulnerability/CVE-2023-24831,Apache IoTDB grafana-connector Login Bypass Vulnerability,"An improper authentication vulnerability exists in the Apache IoTDB Grafana Connector that allows unauthorized access to the system. This flaw impacts versions 0.13.0 through 0.13.3, enabling attackers to log in without proper credentials. The issue has been addressed in version 0.13.4, which mitigates the risk by enforcing correct authentication measures.",Apache,Apache Iotdb,9.8,CRITICAL,0.022129999473690987,false,,false,false,false,,,false,false,,2023-04-17T07:15:00.000Z,0
CVE-2023-24829,https://securityvulnerability.io/vulnerability/CVE-2023-24829,Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench,"An Incorrect Authorization vulnerability has been identified in the Apache IoTDB project's web workbench component. This issue affects versions 0.13.0 through 0.13.2 and could allow unauthorized users to gain access to sensitive functionalities. The web workbench serves as a console for managing the IoTDB database, making this a significant security concern. Users are advised to upgrade to version 0.13.3 or later to mitigate this vulnerability and protect their systems.",Apache,Apache IoTDB Workbench,8.8,HIGH,0.0022499999031424522,false,,false,false,false,,,false,false,,2023-01-31T10:15:00.000Z,0
CVE-2023-24830,https://securityvulnerability.io/vulnerability/CVE-2023-24830,Apache IoTDB Workbench: apache/iotdb-web-workbench: create a user without authorization,"An improper authentication vulnerability exists in the iotdb-web-workbench component of Apache IoTDB, affecting versions prior to 0.13.3. This flaw could allow unauthorized users to access restricted areas of the web workbench, potentially exposing sensitive data and resources.",Apache,Apache IoTDB Workbench,7.5,HIGH,0.0016299999551847577,false,,false,false,false,,,false,false,,2023-01-30T17:15:00.000Z,0
CVE-2022-43766,https://securityvulnerability.io/vulnerability/CVE-2022-43766,Apache IoTDB prior to 0.13.3 allows DoS,"Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it.",Apache,Apache Iotdb,7.5,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2022-10-26T00:00:00.000Z,0
CVE-2022-38370,https://securityvulnerability.io/vulnerability/CVE-2022-38370,"No authorization of DatabaseConnectController in grafana-connector.","Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue.",Apache,Apache Iotdb,7.5,HIGH,0.00139999995008111,false,,false,false,false,,,false,false,,2022-09-05T09:50:10.000Z,0
CVE-2022-38369,https://securityvulnerability.io/vulnerability/CVE-2022-38369,Login check vulnerability by session Id,Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue.,Apache,Apache Iotdb,8.8,HIGH,0.01396000012755394,false,,false,false,false,,,false,false,,2022-09-05T09:50:09.000Z,0