CVE-2020-1952

CWE-295 — Improper Certificate Validation4 documents4 sources

Severity

9.8CRITICAL

EPSS

1.7%

top 17.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Iotdb

Timeline

PublishedApr 27

Latest updateJan 6

Description

An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶Mavenorg.apache.iotdb:iotdb-parent< 0.9.2

▶NVDapache/iotdb0.8.0 — 0.8.2+1

▶CVEListV5apache/iotdb0.8.0 to 0.8.2, 0.9.0 to 0.9.1+1

🔴Vulnerability Details

GHSA

Improper Certificate Validation in Apache IoTDB↗2022-01-06

▶

OSV

Improper Certificate Validation in Apache IoTDB↗2022-01-06

▶

CVEList

CVE-2020-1952: An issue was found in Apache IoTDB↗2020-04-27

▶