Vulnerabilities > Hawt > Hawtio > 1.5.3

DATE CVE VULNERABILITY TITLE RISK
2019-07-03 CVE-2019-9827 Server-Side Request Forgery (SSRF) vulnerability in Hawt Hawtio
Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI.
network
low complexity
hawt CWE-918
critical
 9.8
9.8
2017-08-17 CVE-2017-7556 Cross-Site Request Forgery (CSRF) vulnerability in Hawt Hawtio 1.5.3
Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to visit their website containing a malicious script which can be submitted to hawtio server on behalf of the user.
network
low complexity
hawt CWE-352
8.8
8.8