High
CVE-2022-38370 CVSS:7.5
Apache IoTDB could allow a remote attacker to obtain sensitive information, caused by improper authorization validation in the grafana-connector interface. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain internal structure information and use it to launch further attacks against the affected system.
CVE-2022-38369 CVSS:8.1
Apache IoTDB could allow a remote attacker to hijack a user’s session. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to gain access to another user’s session.
Apache
Apache IoTDB 0.13.0
Upgrade to the latest version of Apache IoTDB, available from the Apache Web site.