PT-2023-27376 · Opennms · Opennms Meridian+1

Published 2023-08-17 · Updated 2024-10-08 · CVE-2023-40313

CVSS v3.1: 7.1 High

Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions

OpenNMS Horizon versions prior to 32.0.2
OpenNMS Meridian versions prior to 2023.1.6
OpenNMS Meridian versions prior to 2022.1.19
OpenNMS Meridian versions prior to 2021.1.30
OpenNMS Meridian versions prior to 2020.1.38

Description

A BeanShell interpreter in remote server mode could allow arbitrary remote Java code execution. The software is intended for installation within an organization's private networks and should not be directly accessible from the Internet.

Recommendations

To resolve the issue, upgrade to OpenNMS Meridian 2023.1.6 or newer.
To resolve the issue, upgrade to OpenNMS Meridian 2022.1.19 or newer.
To resolve the issue, upgrade to OpenNMS Meridian 2021.1.30 or newer.
To resolve the issue, upgrade to OpenNMS Meridian 2020.1.38 or newer.
To resolve the issue, upgrade to OpenNMS Horizon 32.0.2 or newer.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2023-40313
GHSA-5M5F-QG8R-P9QF

Affected Products

Opennms Horizon
Opennms Meridian