UNSUPPORTED: Apache IoTDB Workbench SVRF Vulnerability Affects Retired Product

CVE-2024-36448

7.3HIGH

Key Information

Vendor: Apache
Status: Apache Iotdb Workbench
Vendor: CVE Published:; 5 August 2024

Summary

** UNSUPPORTED WHEN ASSIGNED ** Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench. This issue affects Apache IoTDB Workbench: from 0.13.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Affected Version(s)

Apache IoTDB Workbench <= 0.13.0

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Aug 5, 2024
Vulnerability Reserved.
May 28, 2024

Collectors

NVD DatabaseMitre Database

Credit

L0ne1y