CVE-2021-3396
Description
OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts <1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.431
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-3396 are fixed in OpenNMS - opennms 27.0.4 | Windows |
| Vulnerabilities CVE-2021-3396 are fixed in Opennms-org.opennms.features.measurements 27.0.4 | Windows |
| Vulnerabilities CVE-2021-3396 are fixed in Opennms--provision 27.0.4 | Windows |
| Vulnerabilities CVE-2021-3396 are fixed in Opennms--util 27.0.4 | Windows |
| Vulnerabilities CVE-2021-3396 are fixed in OpenNMS - opennms for Linux 27.0.4 | Linux |
| Vulnerabilities CVE-2021-3396 are fixed in Opennms-org.opennms.features.measurements for Linux 27.0.4 | Linux |
| Vulnerabilities CVE-2021-3396 are fixed in Opennms--provision for Linux 27.0.4 | Linux |
| Vulnerabilities CVE-2021-3396 are fixed in Opennms--util for Linux 27.0.4 | Linux |
| CVE-2021-3396 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234