Severity: Important

Vendor: The Apache Software Foundation


Versions Affected:
IoTDB  0.9.0 to 0.9.1
IoTDB 0.8.0 to 0.8.2


Description:
When IoTDB starts, it opens the JMX port 31999 with no authentication.
As a result, any client that can reach that port could execute code remotely.


Mitigation: 0.8.x, 0.9.0, and 0.9.1 users should upgrade to 0.9.2.


Example: An attacker can execute code remotely on the IoTDB server through the JMX port.
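The advisory says the exposed JMX listener has no authentication. The JDK's remote JMX agent is controlled entirely by `-Dcom.sun.management.jmxremote.*` system properties, so an operator can confirm whether a running instance is affected by auditing the JVM command line of the IoTDB process. The script below is an added example, not part of the advisory or of the IoTDB project; it assumes the operator can obtain that command line (for instance from `ps -o args -p <pid>` on the IoTDB host), and the sample command lines it carries are constructed for illustration.

```python
"""Audit a JVM command line for a remote JMX listener without authentication.

Added example (not Apache IoTDB code). Input: the command line of the IoTDB
JVM, obtained by the operator from the host. Output: a structured audit and a
list of findings. The JDK defaults assumed here: when
com.sun.management.jmxremote.port is set, 'authenticate' and 'ssl' default to
true unless explicitly set to false.
"""
import shlex
from dataclasses import dataclass
from typing import Dict, List, Optional

JMX_NS = "com.sun.management.jmxremote"


@dataclass
class JmxAudit:
    port: Optional[int]        # remote JMX port, None if no remote listener
    authenticate: bool         # password/role-based authentication enabled
    ssl: bool                  # TLS on the connector

    @property
    def remote_enabled(self) -> bool:
        return self.port is not None

    @property
    def unauthenticated_remote(self) -> bool:
        # The condition described in the advisory: reachable and no auth.
        return self.remote_enabled and not self.authenticate


def _jvm_props(cmdline: str) -> Dict[str, str]:
    """Collect -Dkey=value pairs from a JVM command line."""
    props: Dict[str, str] = {}
    for tok in shlex.split(cmdline):
        if tok.startswith("-D"):
            key, _, value = tok[2:].partition("=")
            props[key] = value
    return props


def _flag(props: Dict[str, str], name: str, default: bool) -> bool:
    raw = props.get(f"{JMX_NS}.{name}")
    if raw is None:
        return default
    return raw.strip().lower() == "true"


def parse_jmx_flags(cmdline: str) -> JmxAudit:
    props = _jvm_props(cmdline)
    port_raw = props.get(f"{JMX_NS}.port")
    port = int(port_raw) if port_raw and port_raw.isdigit() else None
    return JmxAudit(
        port=port,
        authenticate=_flag(props, "authenticate", default=True),
        ssl=_flag(props, "ssl", default=True),
    )


def findings(audit: JmxAudit) -> List[str]:
    """Human-readable findings for an operator checklist."""
    out: List[str] = []
    if not audit.remote_enabled:
        return out
    out.append(f"remote JMX listener on port {audit.port}")
    if not audit.authenticate:
        out.append("JMX authentication disabled: remote clients are unauthenticated")
    if not audit.ssl:
        out.append("JMX SSL disabled: credentials and traffic are sent in clear text")
    return out


# Constructed sample command lines (main class and classpath are placeholders).
VULNERABLE_CMDLINE = (
    "java -Dcom.sun.management.jmxremote.port=31999"
    " -Dcom.sun.management.jmxremote.authenticate=false"
    " -Dcom.sun.management.jmxremote.ssl=false"
    " -cp lib/* org.example.Server"
)
HARDENED_CMDLINE = (
    "java -Dcom.sun.management.jmxremote.port=31999"
    " -Dcom.sun.management.jmxremote.authenticate=true"
    " -Dcom.sun.management.jmxremote.password.file=conf/jmxremote.password"
    " -Dcom.sun.management.jmxremote.access.file=conf/jmxremote.access"
    " -Dcom.sun.management.jmxremote.ssl=true"
    " -cp lib/* org.example.Server"
)
NO_REMOTE_JMX_CMDLINE = "java -Xmx2g -cp lib/* org.example.Server"

if __name__ == "__main__":
    for label, line in [("vulnerable", VULNERABLE_CMDLINE),
                        ("hardened", HARDENED_CMDLINE),
                        ("no remote JMX", NO_REMOTE_JMX_CMDLINE)]:
        audit = parse_jmx_flags(line)
        print(f"{label}: unauthenticated_remote={audit.unauthenticated_remote}")
        for f in findings(audit):
            print("  -", f)
```

Upgrading to 0.9.2 is the fix the advisory gives; the audit above is only a way to confirm, before and after the upgrade, that the process no longer runs with an unauthenticated remote JMX listener. It reads the JVM flags rather than probing the port, so it can be run from a configuration-management or inventory job without any network access to the service.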


Credit:  This issue was discovered by WuXiong of QI’ANXIN YunYing Lab.




Regards,
The Apache IoTDB team