Erik Wynter

**Name of the Vulnerable Software and Affected Versions** OpenMNS Horizon versions 31.0.8 and earlier than 32.0.2 Meridian versions prior to 2023.1.5 **Description** The file editor in OpenMNS Horizon, accessible to users with `ROLE FILESYSTEM EDITOR` privileges, is vulnerable to XXE injection attacks. The software is intended for installation within an organization's private networks and should not be directly accessible from the Internet. **Recommendations** For OpenMNS Horizon versions 31.0.8 and earlier than 32.0.2, upgrade to Horizon 32.0.2 or newer. For Meridian versions prior to 2023.1.5, upgrade to Meridian 2023.1.5 or newer.

**Name of the Vulnerable Software and Affected Versions** OpenMNS Horizon versions 31.0.8 through 32.0.2 Meridian versions prior to 2023.1.5 **Description** The issue allows any user with the `ROLE FILESYSTEM EDITOR` to easily escalate their privileges to `ROLE ADMIN` or any other role. The affected software is intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue. **Recommendations** To resolve the issue, upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. As a temporary workaround, consider restricting the use of the `ROLE FILESYSTEM EDITOR` role until a patch is available. Restrict access to the affected software to minimize the risk of exploitation, following the installation instructions that state the software should not be directly accessible from the Internet.

**Name of the Vulnerable Software and Affected Versions** OpenMNS Horizon versions 31.0.8 through 32.0.2 Meridian (affected versions not specified) **Description** The Horizon REST API includes a "users" endpoint that is vulnerable to elevation of privilege. The solution is to upgrade to a newer version. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue. **Recommendations** For OpenMNS Horizon versions 31.0.8 through 32.0.2, upgrade to Horizon 32.0.2 or newer. For Meridian, upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, or 2020.1.38. As a temporary workaround, consider restricting access to the "users" endpoint in the Horizon REST API until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenNMS Horizon versions 31.0.8 through 32.0.2 **Description** The issue is related to an XML external entity (XXE) injection vulnerability in the `/rtc/post/` endpoint, which can be used to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to a newer version. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. **Recommendations** To resolve the issue, upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. As a temporary workaround, consider restricting access to the `/rtc/post/` endpoint until a patch is available.

**Nome do software vulnerável e versões afetadas** Versões do FlexDotnetCMS anteriores à 1.5.11 **Descrição** A vulnerabilidade permite que um invasor remoto autenticado contorne os controles de acesso e leia e grave em arquivos existentes fora da raiz da web por meio de traversal de diretório, inserindo um caminho .. (ponto ponto) no campo de entrada do “FileEditor” no endpoint “/Admin/Views/FileEditor/”. Nas versões anteriores à 1.5.8, também é possível acessar arquivos especificando o caminho completo. **Recomendações** Para versões anteriores à 1.5.11, atualize para a versão 1.5.11 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso ao recurso FileEditor até que um patch esteja disponível. Evite usar o FileEditor para acessar arquivos fora da raiz da web até que o problema seja resolvido.

**Nome do software vulnerável e versões afetadas** Versões do FlexDotnetCMS anteriores à 1.5.9 **Descrição** A vulnerabilidade permite que um invasor remoto autenticado faça upload e execute arquivos arbitrários utilizando o FileManager para enviar código malicioso na forma de um tipo de arquivo seguro e, em seguida, renomeie o arquivo com uma extensão executável usando o FileEditor ou a função de renomeação do FileManager. O invasor pode então executar o arquivo por meio de uma solicitação HTTP GET para o caminho do arquivo. **Recomendações** Para versões anteriores à 1.5.9, atualize para a versão 1.5.9 ou posterior para resolver o problema. Como solução alternativa temporária, considere restringir o acesso ao FileManager e ao FileEditor para minimizar o risco de exploração. Evite usar a função de renomeação no FileManager para impedir uploads de arquivos maliciosos.