EUVD-2023-2369

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Horizon REST API users endpoint vulnerable to privilege escalation; upgrade required for security.

Reporter	Title	Published	Views	Family All 15
0day.today	OpenNMS Horizon 31.0.7 Remote Command Execution Exploit	27 Mar 202400:00	–	zdt
Circl	CVE-2023-0872	14 Aug 202322:19	–	circl
CNNVD	OpenNMS Horizon 安全漏洞	25 Mar 202300:00	–	cnnvd
CVE	CVE-2023-0872	14 Aug 202317:21	–	cve
Cvelist	CVE-2023-0872 ROLE_REST can be used to escalate to ROLE_ADMIN via /rest/users	14 Aug 202317:21	–	cvelist
Github Security Blog	OpenNMS privilege elevation vulnerability	14 Aug 202318:32	–	github
Metasploit	OpenNMS Horizon Authenticated RCE	21 Mar 202419:49	–	metasploit
NVD	CVE-2023-0872	14 Aug 202318:15	–	nvd
OSV	GHSA-W5GQ-XRRP-3FXF OpenNMS privilege elevation vulnerability	14 Aug 202318:32	–	osv
Packet Storm	OpenNMS Horizon 31.0.7 Remote Command Execution	21 Mar 202400:00	–	packetstorm

[
  {
    "enisaIdVendor": [
      {
        "id": "9a4c50fc-d1c8-3c08-9b8b-9a5999664f7b",
        "vendor": {
          "name": "The OpenNMS Group "
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "18085907-7ab2-373b-aa01-33af483712cc",
        "product": {
          "name": "Meridian"
        },
        "product_version": "2020.0.0 ≤2020.1.37"
      },
      {
        "id": "4cc2b2b0-3bd1-34a7-b195-74ded71b7298",
        "product": {
          "name": "Horizon"
        },
        "product_version": "31.0.8 <32.0.2"
      },
      {
        "id": "6032c264-f5ad-3361-945e-199cd00700f5",
        "product": {
          "name": "Meridian"
        },
        "product_version": "2023.0.0 ≤2023.1.5"
      },
      {
        "id": "724a3e9d-5133-381e-a20c-991cfc6d664e",
        "product": {
          "name": "Meridian"
        },
        "product_version": "2022.0.0 ≤2022.1.18"
      },
      {
        "id": "9fee0bc9-2e0c-3455-b1e0-0a08daa98df2",
        "product": {
          "name": "Meridian"
        },
        "product_version": "2021.0.0 ≤2021.1.29"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-0872
github	www.github.com/OpenNMS/opennms/pull/6354
github	www.github.com/OpenNMS/opennms/commit/e59b0ddd164cf0598ac0294d11a2d677d9e310b8
docs	www.docs.opennms.com/horizon/32/releasenotes/changelog.html
github	www.github.com/OpenNMS/opennms

03 Oct 2025 20:07Current

7.8High risk

Vulners AI Score7.8

CVSS 3.18 - 8.2

EPSS0.03475

SSVC