6.1CVSS
5.9AI Score
0.001EPSS
9.8CVSS
9.5AI Score
0.002EPSS
8.8CVSS
8.7AI Score
0.001EPSS
6.1CVSS
6.3AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.001EPSS
9.8CVSS
9.4AI Score
0.002EPSS
openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections.
9.1CVSS
9.2AI Score
0.001EPSS
openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php.
9.8CVSS
9.8AI Score
0.002EPSS
openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS.
5.4CVSS
5.5AI Score
0.001EPSS
app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module.
6.5CVSS
6.1AI Score
0.001EPSS
openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header.
7.5CVSS
7.5AI Score
0.002EPSS
Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5.
4.4CVSS
4.9AI Score
0.001EPSS
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6.
4.6CVSS
4.6AI Score
0.001EPSS
it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface.
8.8CVSS
9AI Score
0.001EPSS