Vulnerabilities > Hawt > Hawtio > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-03 | CVE-2019-9827 | Server-Side Request Forgery (SSRF) vulnerability in Hawt Hawtio Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI. | 9.8 |
| 2018-07-26 | CVE-2017-2589 | It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies. | 9.0 |
| 2017-12-29 | CVE-2014-0121 | Improper Authentication vulnerability in multiple products The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter. | 9.8 |