Vulnerabilities > IT Novum

DATE CVE VULNERABILITY TITLE RISK
2023-07-06 CVE-2023-3520 Unspecified vulnerability in It-Novum Openitcockpit
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6.
network
low complexity
it-novum
4.6
2023-06-25 CVE-2023-36663 SQL Injection vulnerability in It-Novum Openitcockpit 4.6.4
it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface.
network
low complexity
it-novum CWE-89
8.8
2023-06-13 CVE-2023-3218 Unspecified vulnerability in It-Novum Openitcockpit
Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5.
network
high complexity
it-novum
4.4
2020-03-25 CVE-2020-10788 Use of Hard-coded Credentials vulnerability in It-Novum Openitcockpit
openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections.
network
low complexity
it-novum CWE-798
critical
9.1
2020-03-25 CVE-2020-10791 Server-Side Request Forgery (SSRF) vulnerability in It-Novum Openitcockpit
app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module.
network
low complexity
it-novum CWE-918
6.5
2020-03-25 CVE-2020-10790 Cross-site Scripting vulnerability in It-Novum Openitcockpit
openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS.
network
low complexity
it-novum CWE-79
5.4
2020-03-25 CVE-2020-10789 OS Command Injection vulnerability in It-Novum Openitcockpit
openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php.
network
low complexity
it-novum CWE-78
critical
9.8
2020-03-20 CVE-2020-10792 Incorrect Default Permissions vulnerability in It-Novum Openitcockpit
openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header.
network
low complexity
it-novum CWE-276
7.5
2019-12-31 CVE-2019-10227 Cross-site Scripting vulnerability in It-Novum Openitcockpit
openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component.
network
low complexity
it-novum CWE-79
6.1
2019-08-23 CVE-2019-15494 Server-Side Request Forgery (SSRF) vulnerability in It-Novum Openitcockpit
openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21.
network
low complexity
it-novum CWE-918
critical
9.8