Vulnerabilities > Opennms

DATE	CVE	VULNERABILITY TITLE	RISK
2021-05-20	CVE-2021-25931	Cross-Site Request Forgery (CSRF) vulnerability in Opennms Horizon and Meridian In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection at `/opennms/admin/userGroupView/users/updateUser`. network low complexity opennms CWE-352	8.8
2021-05-20	CVE-2021-25933	Cross-site Scripting vulnerability in Opennms Horizon and Meridian In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `groupName` and `groupComment` parameters. network low complexity opennms CWE-79	4.8
2021-05-20	CVE-2021-25930	Cross-Site Request Forgery (CSRF) vulnerability in Opennms Horizon and Meridian In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection, and since there is no validation of an existing user name while renaming a user. network low complexity opennms CWE-352	4.3
2021-02-17	CVE-2021-3396	Unspecified vulnerability in Opennms Horizon and Newts OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts <1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions. network low complexity opennms	8.8
2020-07-17	CVE-2020-1652	Unspecified vulnerability in Opennms OpenNMS is accessible via port 9443 network low complexity opennms critical	9.8
2020-05-11	CVE-2020-12760	Deserialization of Untrusted Data vulnerability in Opennms Horizon and Opennms Meridian An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. network low complexity opennms CWE-502	8.8
2020-04-17	CVE-2020-11886	SQL Injection vulnerability in Opennms Horizon and Meridian OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmValue to addCriteriaForSnmpParm. network low complexity opennms CWE-89	8.1

Vulnerabilities > Opennms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Opennms"}]}

Vulnerabilities > Opennms