Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/05/23 4:59 a.m.12 views

CVE-2023-51388

Hertzbeat is a real-time monitoring system. In CalculateAlarm.java, AviatorEvaluator is used to directly execute the expression function, and no security policy is configured, resulting in AviatorScript which can execute any static method by default script injection. Version 1.4.1 fixes this...

9.8CVSS7.4AI score0.01309EPSS
Exploits1
nvd
nvd
added 2024/02/22 4:15 p.m.41 views

CVE-2023-51388

Hertzbeat is a real-time monitoring system. In CalculateAlarm.java, AviatorEvaluator is used to directly execute the expression function, and no security policy is configured, resulting in AviatorScript which can execute any static method by default script injection. Version 1.4.1 fixes this...

9.8CVSS9.8AI score0.01309EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2024/02/22 3:53 p.m.13 views

CVE-2023-51388 HertzBeat AviatorScript Inject RCE

Hertzbeat is a real-time monitoring system. In CalculateAlarm.java, AviatorEvaluator is used to directly execute the expression function, and no security policy is configured, resulting in AviatorScript which can execute any static method by default script injection. Version 1.4.1 fixes this...

9.8CVSS9.7AI score0.01309EPSS
Exploits1References2
cve
cve
added 2024/02/22 3:53 p.m.70 views

CVE-2023-51388

Hertzbeat real-time monitoring software is affected by CVE-2023-51388 due to direct execution of expressions in CalculateAlarm.java via AviatorEvaluator without a security policy, enabling AviatorScript injection. The issue is tied to Hertzbeat versions prior to 1.4.1; upgrading to version 1.4.1 ...

9.8CVSS9.8AI score0.01309EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder