org.apache.iotdb:iotdb-server uses insecure session management. The checkLogin function does not properly validate
the session ID, which allows an attacker to bypass the intended authentication behavior through a session ID attack.
CPE

Name | Operator | Version |
---|---|---|
iotdb server | eq | 0.13.0 |
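
A defender's check for the affected version listed above, as an added example (not part of the original advisory or the IoTDB project): it scans a Maven `pom.xml` for `org.apache.iotdb:iotdb-server` pinned at exactly 0.13.0, resolving `${property}` versions. The sample POM and the `iotdb.version` property name are constructed for the demonstration.

```python
import xml.etree.ElementTree as ET

AFFECTED = ("org.apache.iotdb", "iotdb-server", "0.13.0")  # advisory table, operator "eq"
# Constructed sample pom.xml (assumption: version is set through a property).
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <iotdb.version>0.13.0</iotdb.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.iotdb</groupId>
      <artifactId>iotdb-server</artifactId>
      <version>${iotdb.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.iotdb</groupId>
      <artifactId>iotdb-session</artifactId>
      <version>0.13.1</version>
    </dependency>
  </dependencies>
</project>"""

def _local(tag):
    """Strip the XML namespace so namespaced and plain POMs parse the same."""
    return tag.rsplit("}", 1)[-1]

def find_affected(pom_text):
    """Return (groupId, artifactId, version) for each dependency equal to AFFECTED."""
    root = ET.fromstring(pom_text)
    props = {}
    for el in root:
        if _local(el.tag) == "properties":
            props = {_local(p.tag): (p.text or "").strip() for p in el}
    hits = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in dep}
        version = fields.get("version", "")
        if version.startswith("${") and version.endswith("}"):
            version = props.get(version[2:-1], version)  # resolve ${property}
        coord = (fields.get("groupId"), fields.get("artifactId"), version)
        if coord == AFFECTED:
            hits.append(coord)
    return hits

if __name__ == "__main__":
    print(find_affected(SAMPLE_POM))
```

Only properties defined in the same POM are resolved; versions inherited from a parent POM or a BOM need the effective POM as input.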