CVE-2023-51387

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 22, 2023
Updated: Jan 3, 2024
CWE ID 94

Summary

CVE-2023-51387 is a vulnerability found in Hertzbeat, an open-source real-time monitoring system. It affects versions prior to 1.4.1 and allows a malicious user to execute arbitrary commands on the Hertzbeat server by exploiting improper sanitization of alert expressions. The vulnerability can be exploited by a user with access to the alert define function. To remediate this issue, it is recommended to update to version 1.4.1 or later of Hertzbeat. This vulnerability poses a high potential danger to organizations as it can lead to unauthorized command execution and compromise the integrity and confidentiality of the system. The vulnerability has a CVSS v3 base score of 8.8, indicating a high severity level.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-51387 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options