Vulnerability Details CVE-2020-11886
OpenNMS Horizon and Meridian allow HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmValue to addCriteriaForSnmpParm. This affects Horizon before 25.2.1, Meridian 2019 before 2019.1.4, Meridian 2018 before 2018.1.16, and Meridian 2017 before 2017.1.21.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.6%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 5.5
Products affected by CVE-2020-11886