Lucene search
K

238 matches found

Github Security Blog
Github Security Blog
added 2023/08/17 9:30 p.m.40 views

OpenNMS privilege escalation vulnerability

In OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLEFILESYSTEMEDITOR can easily escalate their privileges to ROLEADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizo...

8CVSS7AI score0.02538EPSS
Exploits3References5Affected Software1
OSV
OSV
added 2023/08/17 9:30 p.m.24 views

GHSA-5M5F-QG8R-P9QF OpenNMS vulnerable to remote code execution

A BeanShell interpreter in remote server mode runs in OpenNMS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer...

7.1CVSS8AI score0.00702EPSS
Exploits0References5
NVD
NVD
added 2023/08/17 8:15 p.m.31 views

CVE-2023-40315

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLEFILESYSTEMEDITOR can easily escalate their privileges to ROLEADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizo...

8CVSS6.5AI score0.02538EPSS
Exploits3References2
Prion
Prion
added 2023/08/17 8:15 p.m.20 views

Design/Logic Flaw

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLEFILESYSTEMEDITOR can easily escalate their privileges to ROLEADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizo...

5.2CVSS8AI score0.02538EPSS
Exploits3References2Affected Software2
Prion
Prion
added 2023/08/17 7:15 p.m.19 views

Code injection

A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer...

5.8CVSS8.9AI score0.00702EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2023/08/17 7:4 p.m.23 views

CVE-2023-40315 ROLE_FILESYSTEM_EDITOR Can Be Used To Escalate To ROLE_ADMIN

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLEFILESYSTEMEDITOR can easily escalate their privileges to ROLEADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizo...

5.3CVSS7.1AI score0.02538EPSS
Exploits3References5
Vulnrichment
Vulnrichment
added 2023/08/17 7:4 p.m.21 views

CVE-2023-40315 ROLE_FILESYSTEM_EDITOR Can Be Used To Escalate To ROLE_ADMIN

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLEFILESYSTEMEDITOR can easily escalate their privileges to ROLEADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizo...

5.3CVSS7AI score0.02538EPSS
Exploits3References2
Cvelist
Cvelist
added 2023/08/17 7:4 p.m.58 views

CVE-2023-40315 ROLE_FILESYSTEM_EDITOR Can Be Used To Escalate To ROLE_ADMIN

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLEFILESYSTEMEDITOR can easily escalate their privileges to ROLEADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizo...

5.3CVSS8.2AI score0.02538EPSS
Exploits3References2
CVE
CVE
added 2023/08/17 7:4 p.m.59 views

CVE-2023-40315

Privilege escalation vulnerability in OpenNMS Horizon 31.0.8 and prior versions (and related Meridian versions) allows a user with ROLE_FILESYSTEM_EDITOR to elevate to ROLE_ADMIN or other roles. Upgraded fixes are Meridian 2023.1.5 or Horizon 32.0.2 (or newer). Installation docs warn these compon...

8CVSS6.5AI score0.02538EPSS
Exploits3References2Affected Software2
Cvelist
Cvelist
added 2023/08/17 6:24 p.m.46 views

CVE-2023-40313 Disable BeanShell Interpreter Remote Server Mode

A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer...

7.1CVSS9.1AI score0.00702EPSS
Exploits0References2
OSV
OSV
added 2023/08/17 6:24 p.m.26 views

CVE-2023-40313 Disable BeanShell Interpreter Remote Server Mode

A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer...

7.1CVSS7.4AI score0.00702EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/08/17 6:24 p.m.17 views

CVE-2023-40313 Disable BeanShell Interpreter Remote Server Mode

A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer...

7.1CVSS7.8AI score0.00702EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/08/17 12:0 a.m.6 views

PT-2023-27378 · Opennms · Opennms Horizon +1

Name of the Vulnerable Software and Affected Versions: OpenMNS Horizon versions 31.0.8 through 32.0.2 Meridian versions prior to 2023.1.5 Description: The issue allows any user with the ROLE FILESYSTEM EDITOR to easily escalate their privileges to ROLE ADMIN or any other role. The affected softwa...

8CVSS8.6AI score0.02538EPSS
Exploits3References13
Positive Technologies
Positive Technologies
added 2023/08/17 12:0 a.m.11 views

PT-2023-27376 · Opennms · Opennms Meridian +1

Name of the Vulnerable Software and Affected Versions: OpenNMS Horizon versions prior to 32.0.2 OpenNMS Meridian versions prior to 2023.1.6 OpenNMS Meridian versions prior to 2022.1.19 OpenNMS Meridian versions prior to 2021.1.30 OpenNMS Meridian versions prior to 2020.1.38 Description: A BeanShe...

8.8CVSS7.5AI score0.00702EPSS
Exploits0References12
Openbugbounty
Openbugbounty
added 2023/08/15 9:7 p.m.7 views

meridian-avia.com Cross Site Scripting vulnerability OBB-3586010

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
OSV
OSV
added 2023/08/14 6:32 p.m.33 views

GHSA-W5GQ-XRRP-3FXF OpenNMS privilege elevation vulnerability

The Horizon REST API includes a users endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizo...

8.2CVSS7.8AI score0.02951EPSS
Exploits3References5
OSV
OSV
added 2023/08/14 6:32 p.m.15 views

GHSA-CHGR-J2P9-JJH8 OpenNMS vulnerable to Cross-site Scripting

Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that an attacker can modify to craft a malicious XSS payload. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30...

6.7CVSS5.6AI score0.00591EPSS
Exploits0References5
OSV
OSV
added 2023/08/14 6:32 p.m.20 views

GHSA-QFW7-PFXX-H9Q2 OpenNMS vulnerable to Cross-site Scripting

Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that allow an attacker to store on database and then load on JSPs or Angular templates. The solution is to upgrade to Meridian 2023.1....

6.7CVSS5.5AI score0.00653EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2023/08/14 6:32 p.m.32 views

OpenNMS privilege elevation vulnerability

The Horizon REST API includes a users endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizo...

8.2CVSS6.8AI score0.02951EPSS
Exploits3References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/14 6:32 p.m.24 views

OpenNMS vulnerable to Cross-site Scripting

Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that allow an attacker to store on database and then load on JSPs or Angular templates. The solution is to upgrade to Meridian 2023.1....

6.7CVSS6.3AI score0.00653EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder