Hertzbeat
CVE-2024-45505
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (apache) · only source for this CVE.
CVSS VectorVendor: apache
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating).
This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.1.
Users are recommended to upgrade to version 1.6.1, which fixes the issue.
AnalysisAI
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue. Affected products include: Apache Hertzbeat. Version information: before 1.6.1..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.
Hertzbeat is an open source, real-time monitoring system. Rated critical severity (CVSS 9.8), this vulnerability is remo
Hertzbeat is an open source, real-time monitoring system. Rated high severity (CVSS 8.8), this vulnerability is remotely
Hertzbeat is an open source, real-time monitoring system. Rated high severity (CVSS 8.8), this vulnerability is remotely
Hertzbeat is an open source, real-time monitoring system. Rated high severity (CVSS 7.5), this vulnerability is remotely
Apache HertzBeat versions 1.7.1 through 1.8.0 contain an XPath injection vulnerability that allows authenticated attacke
Deserialization of Untrusted Data vulnerability in Apache HertzBeat. Rated high severity (CVSS 8.8), this vulnerability
SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). Rated high severity (CVSS 8.8), t
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat.6.1. Rated high severity (C
Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat.7.0. Rated medium severity (CVSS 6.5), this vulnera
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat .
XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. Rated high severity (CVSS 8.8),
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today