How severe is CVE-2023-51653?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2023-51653?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2023-51653

CRITICAL Year: 2023

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-74

View all →

Vulnerability Description

Hertzbeat is a real-time monitoring system. In the implementation of `JmxCollectImpl.java`, `JMXConnectorFactory.connect` is vulnerable to JNDI injection. The corresponding interface is `/api/monitor/detect`. If there is a URL field, the address will be used by default. When the URL is `service:jmx:rmi:///jndi/rmi://xxxxxxx:1099/localHikari`, it can be exploited to cause remote code execution. Version 1.4.1 contains a fix for this issue.

CVE-2005-3056

CRITICAL

CVSS:9.8(Critical)

TWiki allows arbitrary shell command execution via the Include function

CWE-742005

CVE-2011-2717

CRITICAL

CVSS:9.8(Critical)

The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message...

CWE-742011

CVE-2012-1495

CRITICAL

CVSS:9.8(Critical)

install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.

CWE-742012

CVE-2013-1437

CRITICAL

CVSS:9.8(Critical)

Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value.

CWE-742013