XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. The attacker needs to have an authenticated account with access, and add monitor parsed by xml, returned special content can trigger the XML parsing vulnerability. This issue affects Apache HertzBeat (incubating): before 1.7.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HApache Hertzbeat
APPApache< 1.7.0
Related vulnerabilities
Apache Hertzbeat — JNDI injection RCE przez endpoint JMX
Apache Hertzbeat — script injection via AviatorEvaluator (RCE)
Apache Hertzbeat — YAML deserialization w endpoincie /define/yml
Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat...
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache H...