Authenticated XXE Injection Via The File Editor
CVE-2023-40612

5.3MEDIUM

Key Information:

Vendor: The Opennms Group
Status: Horizon; Meridian
Vendor: CVE Published:; 23 August 2023

🔔 Create The Opennms Group Vulnerability Alert

What is CVE-2023-40612?

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLE_FILESYSTEM_EDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Horizon Windows 31.0.8 < 32.0.2

Meridian Windows 2023.0.0 < 2023.1.5

References

https://github.com/OpenNMS/opennms/pull/6288

https://docs.opennms.com/meridian/2023/releasenotes/chang...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 23, 2023
Vulnerability Reserved
Aug 17, 2023

Credit

Erik Wynter

JSON

The Opennms Group

What is CVE-2023-40612?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.