HIGH🇵🇱 Wersja polska

CVE-2020-11886

CVSS 8.1v3.1pub. 2020-04-17upd. 2024-11-21

OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmValue to addCriteriaForSnmpParm. This affects Horizon before 25.2.1, Meridian 2019 before 2019.1.4, Meridian 2018 before 2018.1.16, and Meridian 2017 before 2017.1.21.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • Opennms Horizon

    APP
    Opennms
    < 25.2.1
  • Opennms Meridian

    APP
    Opennms
    2017 – 2017.1.21 (bez)2018 – 2018.1.16 (bez)2019 – 2019.1.4 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2023-40313HIGH7.1ten sam produkt

A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in rela...

CVE-2023-0872HIGH8.2ten sam produkt

The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on m...

CVE-2023-0870HIGH8.1ten sam produkt

A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon...

CVE-2021-25931HIGH8.8ten sam produkt

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-...

CVE-2021-3396HIGH8.8ten sam produkt

OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1...