Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opennms opennms horizon vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-0871
XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external ser...
Opennms Horizon
Opennms Horizon 31.0.8
Opennms Meridian
580
VMScore
CVE-2020-12760
An issue exists in OpenNMS Horizon prior to 26.0.1, and Meridian prior to 2018.1.19 and 2019 prior to 2019.1.7. The ActiveMQ channel configuration allowed for arbitrary deserialization of Java objects (aka ActiveMQ Minion payload deserialization), leading to remote code execution...
Opennms Opennms Horizon
Opennms Opennms Meridian
578
VMScore
CVE-2021-3396
OpenNMS Meridian 2016, 2017, 2018 prior to 2018.1.25, 2019 prior to 2019.1.16, and 2020 prior to 2020.1.5, Horizon 1.2 up to and including 27.0.4, and Newts <1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions.
Opennms Newts
Opennms Horizon
Opennms Meridian
NA
CVE-2023-0870
A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. This can potentially allow an malicious user to gain access to confidential information and compromise integrity. The solution is to upgrade to Meridian 2023.1.1 or Hor...
Opennms Horizon
Opennms Meridian
Opennms Meridian 2023.1.0
383
VMScore
CVE-2021-25930
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSR...
Opennms Horizon
Opennms Meridian
312
VMScore
CVE-2021-25934
In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable to Stored Cross-Site Scr...
Opennms Horizon
Opennms Meridian
NA
CVE-2023-40311
Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that allow an malicious user to store on database and then load on JSPs or Angular templates. The solution is to upgr...
Opennms Horizon
Opennms Meridian
NA
CVE-2023-40312
Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that an attacker can modify to craft a malicious XSS payload. The solution is to upgrade to Meridian 2023.1.6, 202...
Opennms Horizon
Opennms Meridian
NA
CVE-2023-40313
A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon ...
Opennms Horizon
Opennms Meridian
NA
CVE-2023-40314
Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer Meridian and Horizon installation instru...
Opennms Horizon
Opennms Meridian
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »