Known Vulnerabilities for products from It-novum
Listed below are 15 of the newest known vulnerabilities associated with the vendor "It-novum".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-24893 json | openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior... | Not Provided | 2026-04-14 | 2026-04-28 |
| CVE-2023-36663 json | it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort pa... | 8.8 - HIGH | 2023-06-25 | 2023-07-05 |
| CVE-2023-3520 json | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6. | 4.6 - MEDIUM | 2023-07-06 | 2023-07-12 |
| CVE-2023-3218 json | Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5. | 4.4 - MEDIUM | 2023-06-13 | 2023-06-21 |
| CVE-2020-10792 json | openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a h... | 7.5 - HIGH | 2020-03-20 | 2020-03-25 |
| CVE-2020-10791 json | app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authentica... | 6.5 - MEDIUM | 2020-03-25 | 2020-03-27 |
| CVE-2020-10790 json | openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS. | 5.4 - MEDIUM | 2020-03-25 | 2020-03-27 |
| CVE-2020-10789 json | openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metachar... | 9.8 - CRITICAL | 2020-03-25 | 2020-03-27 |
| CVE-2020-10788 json | openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key ... | 9.1 - CRITICAL | 2020-03-25 | 2021-07-21 |
| CVE-2019-15494 json | openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. | 9.8 - CRITICAL | 2019-08-23 | 2019-08-26 |
| CVE-2019-15493 json | openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21. | 7.5 - HIGH | 2019-08-23 | 2020-08-24 |
| CVE-2019-15492 json | openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21. | 6.1 - MEDIUM | 2019-08-23 | 2019-08-26 |
| CVE-2019-15491 json | openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. | 8.8 - HIGH | 2019-08-23 | 2019-08-26 |
| CVE-2019-15490 json | openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21. | 9.8 - CRITICAL | 2019-08-23 | 2021-07-21 |
| CVE-2019-10227 json | openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component. | 6.1 - MEDIUM | 2019-12-31 | 2020-01-09 |
Known software with vulnerabilities from It-novum
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | It-novum | Openitcockpit | 3.0.10 |