PT-2020-12919 · Opennms · Opennms Horizon+1

Published 2020-04-17 · Updated 2020-05-05 · CVE-2020-11886

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

OpenNMS Horizon versions prior to 25.2.1
OpenNMS Meridian 2019 versions prior to 2019.1.4
OpenNMS Meridian 2018 versions prior to 2018.1.16
OpenNMS Meridian 2017 versions prior to 2017.1.21

Description

The issue allows HQL injection in the NodeListController (element/nodeList.htm) via the snmpParm or snmpParmValue parameter, which is passed to addCriteriaForSnmpParm.

Recommendations

For OpenNMS Horizon versions prior to 25.2.1, update to version 25.2.1 or later.
For OpenNMS Meridian 2019 versions prior to 2019.1.4, update to version 2019.1.4 or later.
For OpenNMS Meridian 2018 versions prior to 2018.1.16, update to version 2018.1.16 or later.
For OpenNMS Meridian 2017 versions prior to 2017.1.21, update to version 2017.1.21 or later.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2020-11886

Affected Products

Opennms Horizon
Opennms Meridian