CVE-2023-40612

Name of the Vulnerable Software and Affected Versions OpenMNS Horizon versions 31.0.8 and earlier than 32.0.2 Meridian versions prior to 2023.1.5

Description The file editor in OpenMNS Horizon, accessible to users with ROLE FILESYSTEM EDITOR privileges, is vulnerable to XXE injection attacks. The software is intended for installation within an organization's private networks and should not be directly accessible from the Internet.

Recommendations For OpenMNS Horizon versions 31.0.8 and earlier than 32.0.2, upgrade to Horizon 32.0.2 or newer. For Meridian versions prior to 2023.1.5, upgrade to Meridian 2023.1.5 or newer.