CVE-2020-1952

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-1952

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1952.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-1952

Aliases

GHSA-wc6f-cjcp-cc33

Published

2020-04-27T17:15:13.533Z

Modified

2025-11-20T11:20:05.249860Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely.

References

https://lists.apache.org/thread.html/r3d2ff899ead64d2952fdc1fbb1f520ca42011ed2b4c7f786e921f6b9%40%3Cdev.iotdb.apache.org%3E

Affected packages

Git / github.com/apache/iotdb

Affected ranges

Type: GIT
Repo: https://github.com/apache/iotdb
Events: Introduced

2f4da03b05d1c063eaaca622c68de86abe35de22

Last affected

09a94f2c02dec27f483a2ccb41a8265331be193d

Introduced

257df94d57c29c628b1ab0d6a2fdd20ba7df9ca4

Last affected

d665690607933db9fdac057ebe250c19c9f63974

Affected versions

release-0.*

release-0.8.1

release/0.*

release/0.8.0

release/0.8.2

release/0.9.0

release/0.9.1