XML injection vulnerability leading to remote code execution (RCE) when parsing an HTTP sitemap XML response in Apache HertzBeat.
The attacker needs an authenticated account with access and must add a monitor whose response is parsed as XML; specially crafted returned content can then trigger the XML parsing vulnerability.
This issue affects Apache HertzBeat (incubating): before 1.7.0.
Users are recommended to upgrade to version 1.7.0, which fixes the issue.
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat.
The attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in arbitrary script execution.
This issue affects Apache HertzBeat: through 1.7.2.
Users are recommended to upgrade to version 1.7.3, which fixes the issue.
Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat.
This issue affects Apache HertzBeat (incubating): before 1.7.0.
Users are recommended to upgrade to version 1.7.0, which fixes the issue.
Deserialization of Untrusted Data vulnerability in Apache HertzBeat.
This vulnerability can only be exploited by authorized attackers.
This issue affects Apache HertzBeat: before 1.6.1.
Users are recommended to upgrade to version 1.6.1, which fixes the issue.
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating).
This vulnerability can only be exploited by authorized attackers.
This issue affects Apache HertzBeat (incubating): before 1.6.1.
Users are recommended to upgrade to version 1.6.1, which fixes the issue.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat.
This issue affects Apache HertzBeat: before 1.6.1.
Users are recommended to upgrade to version 1.6.1, which fixes the issue.