PT-2023-27541 · Unknown+1 · Opennms Horizon+1

Erik Wynter · Published 2023-08-23 · Updated 2023-08-30 · CVE-2023-40612

CVSS v3.1: 8.0 (High)

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2
Meridian versions prior to 2023.1.5

Description

The file editor in OpenNMS Horizon, accessible to users with ROLE_FILESYSTEM_EDITOR privileges, is vulnerable to XXE injection attacks. The software is intended for installation within an organization's private networks and should not be directly accessible from the Internet.

Recommendations

For OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2, upgrade to Horizon 32.0.2 or newer. For Meridian versions prior to 2023.1.5, upgrade to Meridian 2023.1.5 or newer.

Related Identifiers

CVE-2023-40612

Affected Products

Meridian
OpenNMS Horizon