GitHub Advisory DatabaseGHSA-853F-X27W-8R74OpenNMS Horizon RCE via Unsafe Deserialization
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
71.7%
An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. The ActiveMQ channel configuration allowed for arbitrary deserialization of Java objects (aka ActiveMQ Minion payload deserialization), leading to remote code execution for any authenticated channel user regardless of its assigned permissions.
Affected configurations
References
github.com/advisories/GHSA-853f-x27w-8r74
github.com/OpenNMS/opennms/commit/e21fc14ce355533493da0db815bd81a66e291382
github.com/OpenNMS/opennms/pull/2983
github.com/OpenNMS/opennms/releases/tag/opennms-26.0.1-1
issues.opennms.org/browse/NMS-12673
nvd.nist.gov/vuln/detail/CVE-2020-12760
www.opennms.com/en/blog/2020-04-29-opennms-horizon-26-0-1-luchador-released/
www.opennms.com/en/blog/2020-04-29-opennms-meridian-2018-1-18-wildfire-released/
www.opennms.com/en/blog/2020-04-29-opennms-meridian-2019-1-6-europa-released/
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
71.7%