8.8

CVE-2024-42323

Apache HertzBeat: RCE by snakeYaml deser load malicious xml

SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). 

This vulnerability can only be exploited by authorized attackers.
This issue affects Apache HertzBeat (incubating): before 1.6.0.

Users are recommended to upgrade to version 1.6.0, which fixes the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHertzbeat Version < 1.6.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.05% 0.894
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://lists.apache.org/thread/dwpwm572sbwon1mknlwhkpbom2y7skbx
Vendor Advisory
Mailing List
https://lists.apache.org/thread/r0c4tost4bllqc1n9q6rmzs1slgsq63t
Vendor Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2024/09/21/1
Mailing List