hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,CWE-434,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hawt.io | hawtio | * |