Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HApache Hertzbeat
APPApache1.7.1 – 1.8.0 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Powiązane podatności
CVE-2023-51653CRITICAL9.8PL ✓ten sam produkt
Apache Hertzbeat — JNDI injection RCE przez endpoint JMX
CVE-2023-51388CRITICAL9.8PL ✓ten sam produkt
Apache Hertzbeat — script injection via AviatorEvaluator (RCE)
CVE-2023-51389CRITICAL9.8PL ✓ten sam produkt
Apache Hertzbeat — YAML deserialization w endpoincie /define/yml
CVE-2025-24404HIGH8.8ten sam produkt
XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. The attack...
CVE-2025-48208HIGH8.8ten sam produkt
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache H...