Lucene search

[email protected]CVE-2022-38369

HistorySep 05, 2022 - 10:15 a.m.

CVE-2022-38369

2022-09-0510:15:09

CWE-384

[email protected]

web.nvd.nist.gov

apache

iotdb

cve

security

upgrade

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.6%

JSON

Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue.

Affected configurations

Vulners

NVD

Node

apacheiotdbRange≤0.13.0

CPENameOperatorVersion
apache:iotdbapache iotdbeq0.13.0

CPE	Name	Operator	Version
apache:iotdb	apache iotdb	eq	0.13.0

CNA Affected

[
  {
    "product": "Apache IoTDB",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "0.13.0"
      }
    ]
  }
]

References

www.openwall.com/lists/oss-security/2022/09/05/1

lists.apache.org/thread/7nk03ywvx3t3yjbcxzt7zy4nyc89y9b0

Social References

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.6%

JSON

Related for CVE-2022-38369

veracode1 github1 nvd1 cvelist1 osv1 cnvd1 prion1