CVE-2023-0870
HIGH
OpenNMS Horizon < 31.0.6 and Meridian 2020.1.0-2020.1.33 - Cross-Site Request Forgery
Title source: llm
Description
A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. This can potentially allow an attacker to gain access to confidential information and compromise integrity. The solution is to upgrade to Meridian 2023.1.1 or Horizon 31.0.6 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.
Scores
CVSS v3
8.1
EPSS
0.0031
EPSS Percentile
22.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-352
Status
published
Products (4)
opennms/horizon
< 31.0.6
opennms/meridian
2023.1.0
opennms/meridian
2020.1.0 - 2020.1.33
org.opennms/opennms-webapp
0 - 31.0.6
Maven
Published
Mar 22, 2023
Tracked Since
Feb 18, 2026