apache hertzbeat

16 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-24343
>= 1.7.1 and < 1.8.0
Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affect
8.8 HIGH
CVE-2025-48208
< 1.7.3
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat.
8.8 HIGH
CVE-2025-24404
< 1.7.0
XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. The attacker needs to have an
8.8 HIGH
CVE-2024-56736
< 1.7.0
Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat (incubating): before 1.
6.5 MEDIUM
CVE-2024-45791
< 1.6.1
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat
7.5 HIGH
CVE-2024-45505
< 1.6.1
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating)
8.8 HIGH
CVE-2024-41151
< 1.6.1
Deserialization of Untrusted Data vulnerability in Apache HertzBeat. This vulnerability can only be exploited by authorized attac
8.8 HIGH
CVE-2024-42323
< 1.6.0
SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited
8.8 HIGH
CVE-2024-42362
< 1.6.0
Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserializatio
8.8 HIGH
CVE-2024-42361
< 1.6.0
Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{
7.5 HIGH
CVE-2023-51653
< 1.4.1
Hertzbeat is a real-time monitoring system. In the implementation of JmxCollectImpl.java, JMXConnectorFactory.connect is vulne
9.8 CRITICAL
CVE-2023-51389
< 1.4.1
Hertzbeat is a real-time monitoring system. At the interface of /define/yml, SnakeYAML is used as a parser to parse yml content,
9.8 CRITICAL
CVE-2023-51388
< 1.4.1
Hertzbeat is a real-time monitoring system. In CalculateAlarm.java, AviatorEvaluator is used to directly execute the expressio
9.8 CRITICAL
CVE-2023-51650
< 1.4.1
Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caus
7.5 HIGH
CVE-2023-51387
< 1.4.1
Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert ex
7.2 HIGH
CVE-2022-39337
< 1.2.1
Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and age
7.5 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin