CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

Packet Storm•added 2024/03/21 12:0 a.m.•578 views

OpenNMS Horizon 31.0.7 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenNMS Horizon Authenticated RCE', 'Description' = %q This module exploits built-in functionality in OpenNMS Horizon in order to execute arbitra...

8.2CVSS7.4AI score0.04551EPSS

Exploits3

Vulnrichment•added 2023/08/23 6:22 p.m.•12 views

CVE-2023-40612 Authenticated XXE Injection Via The File Editor

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLEFILESYSTEMEDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...

5.3CVSS7.1AI score0.00045EPSS

Exploits0References2

Github Security Blog•added 2023/08/17 9:30 p.m.•33 views

OpenNMS privilege escalation vulnerability

In OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLEFILESYSTEMEDITOR can easily escalate their privileges to ROLEADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizo...

8CVSS7AI score0.04551EPSS

Exploits3References5Affected Software1

NVD•added 2023/08/17 8:15 p.m.•18 views

CVE-2023-40315

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLEFILESYSTEMEDITOR can easily escalate their privileges to ROLEADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizo...

8CVSS6.5AI score0.04551EPSS

Exploits3References2