Skip to main content

Hawtio

5 CVEs product

Monthly

CVE-2023-33544 Maven MEDIUM POC This Month

hawtio 2.17.2 is vulnerable to Path Traversal. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Hawtio
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-9827 Maven CRITICAL POC PATCH THREAT Act Now

Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Hawtio
NVD
CVSS 3.0
9.8
EPSS
26.8%
CVE-2014-0121 CRITICAL PATCH Act Now

The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Hawtio Jboss Fuse
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2014-0120 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Hawtio Jboss Fuse
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-7556 Maven HIGH PATCH This Week

Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to visit their website containing a malicious script which can be submitted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Hawtio
NVD
CVSS 3.0
8.8
EPSS
0.2%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

hawtio 2.17.2 is vulnerable to Path Traversal. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Hawtio
NVD GitHub
EPSS 27% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Hawtio
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Hawtio Jboss Fuse
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Hawtio Jboss Fuse
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to visit their website containing a malicious script which can be submitted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Hawtio
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy