Vulnerabilities > IT Novum > Openitcockpit > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-25 | CVE-2020-10788 | Use of Hard-coded Credentials vulnerability in It-Novum Openitcockpit openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections. | 9.1 |
| 2020-03-25 | CVE-2020-10789 | OS Command Injection vulnerability in It-Novum Openitcockpit openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php. | 9.8 |
| 2019-08-23 | CVE-2019-15490 | OS Command Injection vulnerability in It-Novum Openitcockpit openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21. | 9.8 |
| 2019-08-23 | CVE-2019-15494 | Server-Side Request Forgery (SSRF) vulnerability in It-Novum Openitcockpit openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. | 9.8 |