Skip to main content

Openhab

5 CVEs product

Monthly

CVE-2024-42470 Maven CRITICAL PATCH Act Now

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure Openhab
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-42469 Maven CRITICAL PATCH Act Now

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal Openhab
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-42468 Maven HIGH PATCH This Week

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Information Disclosure Openhab
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-21266 MEDIUM PATCH This Month

openHAB is a vendor and technology agnostic open source automation software for your home. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Openhab
NVD GitHub
CVSS 3.1
5.0
EPSS
1.1%
CVE-2020-5242 HIGH PATCH This Week

openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Openhab
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure Openhab
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal Openhab
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Information Disclosure Openhab
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

openHAB is a vendor and technology agnostic open source automation software for your home. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Openhab
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Openhab
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy