Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue.
| Vendor | Product | Versions |
|---|---|---|
| apache | iotdb | 1.0.0 |
Updated severity to HIGH, added new affected version 2.0.10, marked exploit as available, and added relevant tags.
Updated severity to CRITICAL, added affected version 2.0.9, and corrected exploit availability.
Initial creation