Known Vulnerabilities for Openitcockpit by It-novum
Listed below are 10 of the newest known vulnerabilities associated with "Openitcockpit" by "It-novum".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-24893 json | openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior... | Not Provided | 2026-04-14 | 2026-04-15 |
| CVE-2023-36663 json | it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort pa... | 8.8 - HIGH | 2023-06-25 | 2023-07-05 |
| CVE-2023-3520 json | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6. | 4.6 - MEDIUM | 2023-07-06 | 2023-07-12 |
| CVE-2023-3218 json | Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5. | 4.4 - MEDIUM | 2023-06-13 | 2023-06-21 |
| CVE-2020-10792 json | openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a h... | 7.5 - HIGH | 2020-03-20 | 2020-03-25 |
| CVE-2020-10791 json | app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authentica... | 6.5 - MEDIUM | 2020-03-25 | 2020-03-27 |
| CVE-2020-10790 json | openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS. | 5.4 - MEDIUM | 2020-03-25 | 2020-03-27 |
| CVE-2020-10789 json | openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metachar... | 9.8 - CRITICAL | 2020-03-25 | 2020-03-27 |
| CVE-2020-10788 json | openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key ... | 9.1 - CRITICAL | 2020-03-25 | 2021-07-21 |
| CVE-2019-15494 json | openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. | 9.8 - CRITICAL | 2019-08-23 | 2019-08-26 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | It-novum | Openitcockpit | 3.7.3 | |||
| Application | It-novum | Openitcockpit | 3.7.2 | |||
| Application | It-novum | Openitcockpit | 3.7.1 | |||
| Application | It-novum | Openitcockpit | 3.6.1.2 | |||
| Application | It-novum | Openitcockpit | 3.6.1 | |||
| Application | It-novum | Openitcockpit | 3.6.0 | |||
| Application | It-novum | Openitcockpit | 3.5.0 | |||
| Application | It-novum | Openitcockpit | 3.4.3 | |||
| Application | It-novum | Openitcockpit | 3.4.2 | |||
| Application | It-novum | Openitcockpit | 3.3.0-3 | |||
| Application | It-novum | Openitcockpit | 3.3.0 | |||
| Application | It-novum | Openitcockpit | 3.2.0 | |||
| Application | It-novum | Openitcockpit | 3.1.5 | |||
| Application | It-novum | Openitcockpit | 3.1.1 | |||
| Application | It-novum | Openitcockpit | 3.1.0 | |||
| Application | It-novum | Openitcockpit | 3.0.9 | |||
| Application | It-novum | Openitcockpit | 3.0.8-3 | |||
| Application | It-novum | Openitcockpit | 3.0.8-2 | |||
| Application | It-novum | Openitcockpit | 3.0.8 | |||
| Application | It-novum | Openitcockpit | 3.0.7 |