CVE-2023-0815

Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizo...

CVE-2021-25935

In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable to Stored Cross-Site Scripting, since the...

PT-2023-27378 · Opennms · Opennms Horizon +1

Name of the Vulnerable Software and Affected Versions: OpenMNS Horizon versions 31.0.8 through 32.0.2 Meridian versions prior to 2023.1.5 Description: The issue allows any user with the ROLE FILESYSTEM EDITOR to easily escalate their privileges to ROLE ADMIN or any other role. The affected softwa...