CVE-2023-0871 An XML External Entity injection vulnerability

🗓️ 11 Aug 2023 16:13:50Reported by OpenNMSType

XML External Entity injection in OpenMNS Horizon 31.0.8 and earlier versions, upgrade to Meridian 2023.1.6 or newer

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2023-0871	11 Aug 202320:16	–	circl
CNNVD	OpenNMS Horizon 代码问题漏洞	22 Mar 202300:00	–	cnnvd
CVE	CVE-2023-0871	11 Aug 202316:13	–	cve
EUVD	EUVD-2023-2186	3 Oct 202520:07	–	euvd
Github Security Blog	OpenNMS Horizon XXE Injection Vulnerability	11 Aug 202318:31	–	github
NVD	CVE-2023-0871	11 Aug 202317:15	–	nvd
OSV	GHSA-2QC8-R663-V864 OpenNMS Horizon XXE Injection Vulnerability	11 Aug 202318:31	–	osv
Prion	Xxe	11 Aug 202317:15	–	prion
Positive Technologies	PT-2023-16575 · Opennms · Meridian +1	11 Aug 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-0871	23 May 202505:42	–	redhatcve

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "Linux",
      "MacOS"
    ],
    "product": "Horizon",
    "repo": "https://github.com/OpenNMS/opennms",
    "vendor": "The OpenNMS Group",
    "versions": [
      {
        "lessThan": "32.0.2",
        "status": "affected",
        "version": "31.0.8",
        "versionType": "maven"
      },
      {
        "lessThan": "31.0.8",
        "status": "unknown",
        "version": "0",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "MacOS",
      "Linux"
    ],
    "product": "Meridian",
    "repo": "https://github.com/OpenNMS/opennms",
    "vendor": "The OpenNMS Group",
    "versions": [
      {
        "lessThan": "2023.1.6",
        "status": "affected",
        "version": "2023.0.0",
        "versionType": "maven"
      },
      {
        "lessThan": "2022.1.19",
        "status": "affected",
        "version": "2022.0.0",
        "versionType": "maven"
      },
      {
        "lessThan": "2021.1.30",
        "status": "affected",
        "version": "2021.0.0",
        "versionType": "maven"
      },
      {
        "lessThan": "2020.1.38",
        "status": "affected",
        "version": "2020.0.0",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
github	www.github.com/OpenNMS/opennms/pull/6355
docs	www.docs.opennms.com/horizon/32/releasenotes/changelog.html

22 Aug 2023 18:29Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.15.4

EPSS0.00051

CWE-611