OpenNMS Meridian

32 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2023-40314
< 2023.1.9
Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidenti
5.8 MEDIUM
CVE-2023-40612
>= 2023.0.0 and < 2023.1.5
In OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLE_FILESYSTEM_E
5.3 MEDIUM
CVE-2023-40315
>= 2023.0.0 and < 2023.1.5
In OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FILESYSTEM_ED
5.3 MEDIUM
CVE-2023-40313
< 2020.1.38
A BeanShell interpreter in remote server mode runs in OpenNMS Horizon versions earlier than 32.0.2 and in related Meridian version
7.1 HIGH
CVE-2023-40312
< 2020.1.38
Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenNMS Horizon 31.0.8 and versions earlie
6.7 MEDIUM
CVE-2023-40311
< 2020.1.38
Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenNMS Horizon 31.0.8 and versions earlier t
6.7 MEDIUM
CVE-2023-0872
>= 2020.0.0 and <= 2020.1.37
The Horizon REST API includes a users endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is
8.2 HIGH
CVE-2023-0871
>= 2020.0.0 and < 2020.1.38
XXE injection in /rtc/post/ endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerab
5.4 MEDIUM
CVE-2023-0870
>= 2020.1.0 and < 2020.1.33
A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. This can potential
8.1 HIGH
CVE-2023-0869
< 2023.1.0
Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confiden
5.8 MEDIUM
CVE-2023-0868
< 2023.1.0
Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker acces
6.7 MEDIUM
CVE-2023-0867
< 2023.1.0
Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian an
6.7 MEDIUM
CVE-2023-0815
< 2023.1.0
Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow
6.8 MEDIUM
CVE-2023-0846
< 2023.1.0
Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and M
6.7 MEDIUM
CVE-2016-6556
< 18.0.2-1
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. B
7.1 HIGH
CVE-2016-6555
< 18.0.2-1
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By
7.1 HIGH
CVE-2021-25932
>= 2015.1.0-1 and <= 2019.1.18-1
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-
5.4 MEDIUM
CVE-2021-25935
>= 2015.1.0 and <= 2019.1.18
In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1
5.4 MEDIUM
CVE-2021-25934
>= 2015.1.0 and <= 2019.1.18
In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1
5.4 MEDIUM
CVE-2021-25933
>= 2015.1.0 and < 2019.1.19
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-
4.8 MEDIUM
CVE-2021-25931
>= 2015.1.0 and < 2019.1.19
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-
8.8 HIGH
CVE-2021-25929
>= 2015.1.0 and < 2019.1.19
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-
4.8 MEDIUM
CVE-2021-25930
>= 2015.1.0 and < 2019.1.19
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-
4.3 MEDIUM
CVE-2021-3396
>= 2016.1.0 and <= 2016.1.24
OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, a
8.8 HIGH
CVE-2020-1652
all versions
OpenNMS is accessible via port 9443
5.6 MEDIUM
CVE-2020-12760
< 26.1.0
An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. The ActiveMQ cha
8.8 HIGH
CVE-2020-11886
>= 2017 and < 2017.1.21
OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmVal
8.1 HIGH
CVE-2015-7856
all versions
OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveragi
CVE-2014-3960
<= 1.12.6
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script
CVE-2012-0936
<= 1.9.93
Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenN
CVE-2008-6095
all versions
Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web
CVE-2008-4320
<= 1.0.0
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin