Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opennms horizon vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-0871
XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external ser...
Opennms Horizon
Opennms Horizon 31.0.8
Opennms Meridian
8.8
CVSSv3
CVE-2020-12760
An issue exists in OpenNMS Horizon prior to 26.0.1, and Meridian prior to 2018.1.19 and 2019 prior to 2019.1.7. The ActiveMQ channel configuration allowed for arbitrary deserialization of Java objects (aka ActiveMQ Minion payload deserialization), leading to remote code execution...
Opennms Opennms Horizon
Opennms Opennms Meridian
8.8
CVSSv3
CVE-2021-3396
OpenNMS Meridian 2016, 2017, 2018 prior to 2018.1.25, 2019 prior to 2019.1.16, and 2020 prior to 2020.1.5, Horizon 1.2 up to and including 27.0.4, and Newts <1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions.
Opennms Newts
Opennms Horizon
Opennms Meridian
6.5
CVSSv3
CVE-2023-0815
Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Me...
Opennms Horizon
Opennms Meridian
6.1
CVSSv3
CVE-2023-0846
Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and Meridian could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meri...
Opennms Horizon
Opennms Meridian
6.1
CVSSv3
CVE-2023-0867
Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. M...
Opennms Horizon
Opennms Meridian
8
CVSSv3
CVE-2023-0872
The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Me...
Opennms Horizon
Opennms Meridian
8.1
CVSSv3
CVE-2020-11886
OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmValue to addCriteriaForSnmpParm. This affects Horizon prior to 25.2.1, Meridian 2019 prior to 2019.1.4, Meridian 2018 prior to 2018.1.16, and Meridian 20...
Opennms Horizon
Opennms Meridian
4.8
CVSSv3
CVE-2021-25929
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site S...
Opennms Meridian
Opennms Horizon
4.3
CVSSv3
CVE-2021-25930
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSR...
Opennms Meridian
Opennms Horizon
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
remote code execution
CVE-2024-37080
CVE-2024-5182
CVE-2024-4390
CVE-2024-6100
brute force
CVE-2021-47581
file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »