Hertzbeat
Monthly
Apache HertzBeat versions 1.7.1 through 1.8.0 contain an XPath injection vulnerability that allows authenticated attackers to manipulate XPath queries and potentially extract or modify sensitive data. An attacker with valid credentials can exploit this flaw to bypass access controls and execute arbitrary XPath expressions against the application's XML data stores. Affected users should upgrade to version 1.8.0 immediately as no patch is currently available for earlier versions.
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat . Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat.7.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Deserialization of Untrusted Data vulnerability in Apache HertzBeat. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Hertzbeat is an open source, real-time monitoring system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Hertzbeat is an open source, real-time monitoring system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Hertzbeat is an open source, real-time monitoring system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Hertzbeat is an open source, real-time monitoring system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Apache HertzBeat versions 1.7.1 through 1.8.0 contain an XPath injection vulnerability that allows authenticated attackers to manipulate XPath queries and potentially extract or modify sensitive data. An attacker with valid credentials can exploit this flaw to bypass access controls and execute arbitrary XPath expressions against the application's XML data stores. Affected users should upgrade to version 1.8.0 immediately as no patch is currently available for earlier versions.
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat . Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat.7.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Deserialization of Untrusted Data vulnerability in Apache HertzBeat. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Hertzbeat is an open source, real-time monitoring system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Hertzbeat is an open source, real-time monitoring system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Hertzbeat is an open source, real-time monitoring system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Hertzbeat is an open source, real-time monitoring system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.