HIGH🇵🇱 Wersja polska

CVE-2021-3396

CVSS 8.8v3.1pub. 2021-02-17upd. 2024-11-21

OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts <1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Opennms Horizon

    APP
    Opennms
    16.0.0 – 27.0.3
  • Opennms Meridian

    APP
    Opennms
    2016.1.0 – 2016.1.242017.1.0 – 2017.1.262018.1.0 – 2018.1.25 (bez)2019.1.0 – 2019.1.16 (bez)2020.1.0 – 2020.1.5 (bez)
  • Opennms Newts

    APP
    Opennms
    < 1.5.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2023-40313HIGH7.1ten sam produkt

A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in rela...

CVE-2023-0872HIGH8.2ten sam produkt

The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on m...

CVE-2023-0870HIGH8.1ten sam produkt

A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon...

CVE-2021-25931HIGH8.8ten sam produkt

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-...

CVE-2020-11886HIGH8.1ten sam produkt

OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snm...