threat
engine
.sh
Back
·
··:··
Home
/
Product
/
opennms meridian
Product
opennms meridian
25 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2023-40314
< 2023.1.9
Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidenti
5.8
MEDIUM
CVE-2023-40612
>= 2023.0.0 and < 2023.1.5
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLE_FILESYSTEM_E
5.3
MEDIUM
CVE-2023-40315
>= 2023.0.0 and < 2023.1.5
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FILESYSTEM_ED
5.3
MEDIUM
CVE-2023-40313
< 2020.1.38
A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian version
7.1
HIGH
CVE-2023-40312
< 2020.1.38
Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlie
6.7
MEDIUM
CVE-2023-40311
< 2020.1.38
Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier t
6.7
MEDIUM
CVE-2023-0872
>= 2020.0.0 and <= 2020.1.37
The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is
8.2
HIGH
CVE-2023-0871
>= 2020.0.0 and < 2020.1.38
XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerab
5.4
MEDIUM
CVE-2023-0870
>= 2020.1.0 and < 2020.1.33
A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. This can potential
8.1
HIGH
CVE-2023-0869
< 2023.1.0
Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confiden
5.8
MEDIUM
CVE-2023-0868
< 2023.1.0
Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker acces
6.7
MEDIUM
CVE-2023-0867
< 2023.1.0
Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian an
6.7
MEDIUM
CVE-2023-0815
< 2023.1.0
Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow
6.8
MEDIUM
CVE-2023-0846
< 2023.1.0
Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and M
6.7
MEDIUM
CVE-2022-29578
all versions
Meridian Cooperative Utility Software versions 22.02 and 22.03 allows remote attackers to obtain sensitive information such as nam
5.3
MEDIUM
CVE-2021-25932
>= 2015.1.0-1 and <= 2019.1.18-1
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-
5.4
MEDIUM
CVE-2021-25935
>= 2015.1.0 and <= 2019.1.18
In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1
5.4
MEDIUM
CVE-2021-25934
>= 2015.1.0 and <= 2019.1.18
In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1
5.4
MEDIUM
CVE-2021-25933
>= 2015.1.0 and < 2019.1.19
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-
4.8
MEDIUM
CVE-2021-25931
>= 2015.1.0 and < 2019.1.19
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-
8.8
HIGH
CVE-2021-25929
>= 2015.1.0 and < 2019.1.19
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-
4.8
MEDIUM
CVE-2021-25930
>= 2015.1.0 and < 2019.1.19
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-
4.3
MEDIUM
CVE-2021-3396
>= 2016.1.0 and <= 2016.1.24
OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, a
8.8
HIGH
CVE-2020-11886
>= 2017 and < 2017.1.21
OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmVal
8.1
HIGH
CVE-2014-3892
<= -
Cross-site scripting (XSS) vulnerability in Nexa Meridian before 2014 allows remote attackers to inject arbitrary web script or HT
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin