CVE-2023-0871

XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity XXE injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution...

PT-2023-16575 · Opennms · Meridian +1

Name of the Vulnerable Software and Affected Versions: OpenNMS Horizon versions 31.0.8 through 32.0.2 Description: The issue is related to an XML external entity XXE injection vulnerability in the /rtc/post/ endpoint, which can be used to force Horizon to make arbitrary HTTP requests to internal...