CVE-2023-0870

Name of the Vulnerable Software and Affected Versions OpenNMS Meridian versions prior to 2023.1.1 OpenNMS Horizon versions prior to 31.0.6

Description A form can be manipulated with cross-site request forgery in OpenNMS Meridian and Horizon, potentially allowing an attacker to gain access to confidential information and compromise integrity. The software is intended for installation within an organization's private networks and should not be directly accessible from the Internet.

Recommendations For OpenNMS Meridian versions prior to 2023.1.1, upgrade to Meridian 2023.1.1 or newer. For OpenNMS Horizon versions prior to 31.0.6, upgrade to Horizon 31.0.6 or newer.