Every CVE whose affected-product data names Hawt Hawtio, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2014-0121 — CVSS 9.8 (critical): The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k…
CVE-2019-9827 — CVSS 9.8 (critical): Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an…
CVE-2017-7556 — CVSS 8.8 (high): Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to visit their…
CVE-2014-0120 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of…
CVE-2017-2589 — CVSS 8.7 (high): It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies…
CVE-2017-2617 — CVSS 7.6 (high): hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a…
CVE-2023-33544 — CVSS 5.5 (medium): hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after…
CVE-2017-2594 — CVSS 5.4 (medium): hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a…