PT-2023-27377 · Opennms · Opennms Horizon+1
Moshe Apelbaum · Published 2023-11-16 · Updated 2023-11-25
CVE-2023-40314
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
OpenNMS Meridian versions prior to 2023.1.9
OpenNMS Horizon versions prior to 32.0.5
Description
Cross-site scripting in bootstrap.jsp allows an attacker access to confidential session information. The installation instructions for Meridian and Horizon state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Moshe Apelbaum for reporting this issue.
Recommendations
For OpenNMS Meridian versions prior to 2023.1.9, upgrade to Meridian 2023.1.9 or newer.
For OpenNMS Horizon versions prior to 32.0.5, upgrade to Horizon 32.0.5 or newer.
Fix
RCE
XSS
Related identifiers
Affected products
Opennms Horizon
Opennms Meridian