CVE-2022-38369

CWE-3845 documents4 sources

Severity

8.8HIGH

EPSS

1.9%

top 16.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedSep 5

Latest updateSep 6

Description

Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

▶PyPIapache-iotdb< 0.13.1

GHSA

Apache IoTDB Session Fixation vulnerability↗2022-09-06

▶

OSV

Apache IoTDB Session Fixation vulnerability↗2022-09-06

▶

CVEList

▶

OSV

CVE-2022-38369: Apache IoTDB version 0↗2022-09-05

▶