4 matches found
CVE-2023-51653
Hertzbeat is a real-time monitoring system. In the implementation of JmxCollectImpl.java, JMXConnectorFactory.connect is vulnerable to JNDI injection. The corresponding interface is /api/monitor/detect. If there is a URL field, the address will be used by default. When the URL is...
CVE-2023-51653
Hertzbeat is a real-time monitoring system. In the implementation of JmxCollectImpl.java, JMXConnectorFactory.connect is vulnerable to JNDI injection. The corresponding interface is /api/monitor/detect. If there is a URL field, the address will be used by default. When the URL is...
CVE-2023-51653 Hertzbeat JMX JNDI RCE
Hertzbeat is a real-time monitoring system. In the implementation of JmxCollectImpl.java, JMXConnectorFactory.connect is vulnerable to JNDI injection. The corresponding interface is /api/monitor/detect. If there is a URL field, the address will be used by default. When the URL is...
CVE-2023-51653
CVE-2023-51653 affects Hertzbeat real-time monitoring when using JmxCollectImpl.java; the vulnerability arises from JMXConnectorFactory.connect allowing a JNDI injection via the vulnerable URL in the /api/monitor/detect interface. If a URL like service:jmx:rmi:///jndi/rmi://xxxxxx:1099/localHikar...