漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache HertzBeat (incubating): Jmx JNDI injection vulnerability
Vulnerability Description
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat . The attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in arbitrary script execution. This issue affects Apache HertzBeat: through 1.7.2. Users are recommended to upgrade to version [1.7.3], which fixes the issue.
CVSS Information
N/A
Vulnerability Type
LDAP查询中使用的特殊元素转义处理不恰当(LDAP注入)
Vulnerability Title
Apache HertzBeat 注入漏洞
Vulnerability Description
Apache HertzBeat是美国阿帕奇(Apache)公司的一个可以监控各种组件的工具。 Apache HertzBeat 1.7.2及之前版本存在注入漏洞,该漏洞源于LDAP查询中特殊元素中和不当,可能导致LDAP注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A