Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opennms meridian vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-0870
A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. This can potentially allow an malicious user to gain access to confidential information and compromise integrity. The solution is to upgrade to Meridian 2023.1.1 or Hor...
Opennms Horizon
Opennms Meridian
Opennms Meridian 2023.1.0
3.5
CVSSv2
CVE-2021-25932
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site S...
Opennms Meridian
Opennms Opennms
6.5
CVSSv2
CVE-2020-12760
An issue exists in OpenNMS Horizon prior to 26.0.1, and Meridian prior to 2018.1.19 and 2019 prior to 2019.1.7. The ActiveMQ channel configuration allowed for arbitrary deserialization of Java objects (aka ActiveMQ Minion payload deserialization), leading to remote code execution...
Opennms Opennms Horizon
Opennms Opennms Meridian
6.5
CVSSv2
CVE-2021-3396
OpenNMS Meridian 2016, 2017, 2018 prior to 2018.1.25, 2019 prior to 2019.1.16, and 2020 prior to 2020.1.5, Horizon 1.2 up to and including 27.0.4, and Newts <1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions.
Opennms Newts
Opennms Horizon
Opennms Meridian
5.5
CVSSv2
CVE-2020-11886
OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmValue to addCriteriaForSnmpParm. This affects Horizon prior to 25.2.1, Meridian 2019 prior to 2019.1.4, Meridian 2018 prior to 2018.1.16, and Meridian 20...
Opennms Horizon
Opennms Meridian
NA
CVE-2023-40311
Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that allow an malicious user to store on database and then load on JSPs or Angular templates. The solution is to upgr...
Opennms Horizon
Opennms Meridian
3.5
CVSSv2
CVE-2021-25929
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site S...
Opennms Horizon
Opennms Meridian
4.3
CVSSv2
CVE-2021-25930
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSR...
Opennms Horizon
Opennms Meridian
6.8
CVSSv2
CVE-2021-25931
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSR...
Opennms Horizon
Opennms Meridian
3.5
CVSSv2
CVE-2021-25933
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site S...
Opennms Meridian
Opennms Horizon
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »