CVE-2020-11886
HIGHOpenNMS Horizon < 25.2.1 and Meridian 2017-2019 - SQL Injection via NodeListController snmpParm
Title source: llmDescription
OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmValue to addCriteriaForSnmpParm. This affects Horizon before 25.2.1, Meridian 2019 before 2019.1.4, Meridian 2018 before 2018.1.16, and Meridian 2017 before 2017.1.21.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://issues.opennms.org/browse/NMS-12572
Scores
CVSS v3
8.1
EPSS
0.0138
EPSS Percentile
69.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-89
Status
published
Products (2)
opennms/horizon
< 25.2.1
opennms/meridian
2017 - 2017.1.21
Published
Apr 17, 2020
Tracked Since
Feb 18, 2026