CVE-2023-51389
- EPSS 0.49%
- Published 22.02.2024 16:15:53
- Last modified 16.01.2025 19:08:36
Hertzbeat is a real-time monitoring system. At the interface of `/define/yml`, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vuln...
CVE-2023-51653
- EPSS 5.94%
- Published 22.02.2024 16:15:53
- Last modified 16.01.2025 19:04:56
Hertzbeat is a real-time monitoring system. In the implementation of `JmxCollectImpl.java`, `JMXConnectorFactory.connect` is vulnerable to JNDI injection. The corresponding interface is `/api/monitor/detect`. If there is a URL field, the address will...
CVE-2023-51650
- EPSS 0.47%
- Published 22.12.2023 21:15:09
- Last modified 21.11.2024 08:38:32
Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server informat...
CVE-2023-51387
- EPSS 0.63%
- Published 22.12.2023 21:15:08
- Last modified 21.11.2024 08:38:00
Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in ver...
CVE-2022-39337
- EPSS 0.23%
- Published 22.12.2023 15:15:07
- Last modified 21.11.2024 07:18:03
Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. Hertzbeat versions 1.20 and prior have a permission bypass vulnerability. System authentication can be bypassed ...