CVE-2020-1952
First published: Mon Apr 27 2020(Updated: )
An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache IoTDB | >=0.8.0<=0.8.2 | |
| Apache IoTDB | >=0.9.0<=0.9.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is Apache IoTDB vulnerability CVE-2020-1952?
Apache IoTDB 0.8.0 to 0.8.2 and 0.9.0 to 0.9.1 are affected by a critical vulnerability that exposes the JMX port 31999 without certification, allowing remote code execution.
How severe is CVE-2020-1952?
CVE-2020-1952 has a severity rating of 9.8 (critical).
Which versions of Apache IoTDB are affected by CVE-2020-1952?
Apache IoTDB versions 0.8.0 to 0.8.2 and 0.9.0 to 0.9.1 are affected by CVE-2020-1952.
How can the CVE-2020-1952 vulnerability be exploited?
The CVE-2020-1952 vulnerability in Apache IoTDB can be exploited by remotely executing code when the JMX port 31999 is exposed without certification.
Is there a fix available for CVE-2020-1952?
To fix CVE-2020-1952, users should update to a version of Apache IoTDB that is not affected by the vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/apache
- canonical/apache iotdb
- version/apache iotdb/0.8.0
- version/apache iotdb/0.8.2
- version/apache iotdb/0.9.0
- version/apache iotdb/0.9.1