CVE-2020-11886 Information
Feb 14, 2021
cve
Description
OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmValue to addCriteriaForSnmpParm. This affects Horizon before 25.2.1 Meridian 2019 before 2019.1.4 Meridian 2018 before 2018.1.16 and Meridian 2017 before 2017.1.21.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Reference
https://issues.opennms.org/browse/NMS-12572
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
NONE
Base Severity
8.1
Share on: