CVE-2020-1952

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-1952
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1952.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-1952
Aliases
Published
2020-04-27T17:15:13Z
Modified
2025-07-01T23:53:36.066061Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely.

References

Affected packages

Git / github.com/apache/iotdb

Affected ranges

Affected versions

release-0.*

release-0.8.1

release/0.*

release/0.8.0
release/0.8.2
release/0.9.0
release/0.9.1