CVE-2023-0871
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2023-0871: OpenNMS Horizon versions prior to 32.0.2 contain an XML External Entity (XXE) injection vulnerability in the /rtc/post/ endpoint. Attackers can exploit this vulnerability to make Horizon initiate unintended HTTP requests to both internal and external services. To mitigate this risk, users are advised to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38, or Horizon 32.0.2 or newer. The affected software is intended for use within private networks and should not be accessible from the internet. OpenNMS acknowledges Erik Wynter and Moshe Apelbaum for reporting this issue.
Affected Products
- OpenNMS Meridian
- OpenNMS Horizon
Affected Vendors
- OpenNMS