Apache · Apache HertzBeat · CVE-2025-24404
**Name of the Vulnerable Software and Affected Versions**
Apache HertzBeat versions prior to 1.7.0
**Description**
An XML injection Remote Code Execution (RCE) vulnerability exists in Apache HertzBeat in its parsing of HTTP sitemap XML responses. An attacker with an authenticated account and access can trigger the vulnerability by adding a monitor that parses XML and returning specially crafted content in the response it parses.
**Recommendations**
Upgrade to version 1.7.0.