CVE-2023-0871

🗓️ 11 Aug 2023 16:13:50Reported by OpenNMSType

CVE-2023-0871 XXE injection in OpenMNS Horizon 31.0.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2023-0871	11 Aug 202320:16	–	circl
CNNVD	OpenNMS Horizon 代码问题漏洞	22 Mar 202300:00	–	cnnvd
Cvelist	CVE-2023-0871 An XML External Entity injection vulnerability	11 Aug 202316:13	–	cvelist
EUVD	EUVD-2023-2186	3 Oct 202520:07	–	euvd
Github Security Blog	OpenNMS Horizon XXE Injection Vulnerability	11 Aug 202318:31	–	github
NVD	CVE-2023-0871	11 Aug 202317:15	–	nvd
OSV	GHSA-2QC8-R663-V864 OpenNMS Horizon XXE Injection Vulnerability	11 Aug 202318:31	–	osv
Prion	Xxe	11 Aug 202317:15	–	prion
Positive Technologies	PT-2023-16575 · Opennms · Meridian +1	11 Aug 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-0871	23 May 202505:42	–	redhatcve

NVD

Node

opennms horizonRange32.0.0–32.0.2

opennms horizonMatch31.0.8

Node

opennms meridianRange2020.0.0–2020.1.38

opennms meridianRange2021.0.0–2021.1.30

opennms meridianRange2022.1.0–2022.1.9

opennms meridianRange2023.0.0–2023.1.6

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "Linux",
      "MacOS"
    ],
    "product": "Horizon",
    "repo": "https://github.com/OpenNMS/opennms",
    "vendor": "The OpenNMS Group",
    "versions": [
      {
        "lessThan": "32.0.2",
        "status": "affected",
        "version": "31.0.8",
        "versionType": "maven"
      },
      {
        "lessThan": "31.0.8",
        "status": "unknown",
        "version": "0",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "MacOS",
      "Linux"
    ],
    "product": "Meridian",
    "repo": "https://github.com/OpenNMS/opennms",
    "vendor": "The OpenNMS Group",
    "versions": [
      {
        "lessThan": "2023.1.6",
        "status": "affected",
        "version": "2023.0.0",
        "versionType": "maven"
      },
      {
        "lessThan": "2022.1.19",
        "status": "affected",
        "version": "2022.0.0",
        "versionType": "maven"
      },
      {
        "lessThan": "2021.1.30",
        "status": "affected",
        "version": "2021.0.0",
        "versionType": "maven"
      },
      {
        "lessThan": "2020.1.38",
        "status": "affected",
        "version": "2020.0.0",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
docs	www.docs.opennms.com/horizon/32/releasenotes/changelog.html
github	www.github.com/OpenNMS/opennms/pull/6355

21 Nov 2024 07:38Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.15.4 - 6.1

EPSS0.00048

CWE-611