CVE-2023-40612

🗓️ 23 Aug 2023 18:22:49Reported by OpenNMSType

OpenMNS Horizon 31.0.8 and earlier versions allow XXE injection via a vulnerable file editor. Upgrade to Meridian 2023.1.5 or Horizon 32.0.2

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2023-40612	23 Aug 202322:12	–	circl
CNNVD	OpenNMS Horizon 安全漏洞	23 Aug 202300:00	–	cnnvd
Cvelist	CVE-2023-40612 Authenticated XXE Injection Via The File Editor	23 Aug 202318:22	–	cvelist
EUVD	EUVD-2023-45168	3 Oct 202520:07	–	euvd
NVD	CVE-2023-40612	23 Aug 202319:15	–	nvd
Prion	Sql injection	23 Aug 202319:15	–	prion
Positive Technologies	PT-2023-27541 · Meridian +1 · Meridian +1	23 Aug 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-40612	9 Jan 202609:24	–	redhatcve
Vulnrichment	CVE-2023-40612 Authenticated XXE Injection Via The File Editor	23 Aug 202318:22	–	vulnrichment

NVD

Node

opennms horizonRange31.0.8–32.0.2

opennms meridianRange2023.0.0–2023.1.5

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "MacOS",
      "Linux"
    ],
    "product": "Horizon",
    "repo": "https://github.com/OpenNMS/opennms",
    "vendor": "The OpenNMS Group",
    "versions": [
      {
        "lessThan": "32.0.2",
        "status": "affected",
        "version": "31.0.8",
        "versionType": "maven"
      },
      {
        "lessThan": "31.0.8",
        "status": "unknown",
        "version": "0",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "MacOS",
      "Linux"
    ],
    "product": "Meridian",
    "repo": "https://github.com/OpenNMS/opennms",
    "vendor": "The OpenNMS Group",
    "versions": [
      {
        "lessThan": "2023.1.5",
        "status": "affected",
        "version": "2023.0.0",
        "versionType": "maven"
      },
      {
        "lessThan": "2023.0.0",
        "status": "unknown",
        "version": "0",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
docs	www.docs.opennms.com/meridian/2023/releasenotes/changelog.html
github	www.github.com/OpenNMS/opennms/pull/6288

21 Nov 2024 08:19Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.15.3 - 8

EPSS0.00045

SSVC

CWE-91