Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2023-0872

The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 84.9%
CVSS Severity
CVSS v3 Score 8.2
Products affected by CVE-2023-0872
  • Opennms » Horizon » Version: 31.0.8
    cpe:2.3:a:opennms:horizon:31.0.8
  • Opennms » Horizon » Version: 31.0.9
    cpe:2.3:a:opennms:horizon:31.0.9
  • Opennms » Horizon » Version: 32.0.0
    cpe:2.3:a:opennms:horizon:32.0.0
  • Opennms » Horizon » Version: 32.0.1
    cpe:2.3:a:opennms:horizon:32.0.1
  • Opennms » Meridian » Version: 2020.1.0
    cpe:2.3:a:opennms:meridian:2020.1.0
  • Opennms » Meridian » Version: 2020.1.1
    cpe:2.3:a:opennms:meridian:2020.1.1
  • Opennms » Meridian » Version: 2020.1.1-1
    cpe:2.3:a:opennms:meridian:2020.1.1-1
  • Opennms » Meridian » Version: 2020.1.10
    cpe:2.3:a:opennms:meridian:2020.1.10
  • Opennms » Meridian » Version: 2020.1.11
    cpe:2.3:a:opennms:meridian:2020.1.11
  • Opennms » Meridian » Version: 2020.1.12
    cpe:2.3:a:opennms:meridian:2020.1.12
  • Opennms » Meridian » Version: 2020.1.13
    cpe:2.3:a:opennms:meridian:2020.1.13
  • Opennms » Meridian » Version: 2020.1.14
    cpe:2.3:a:opennms:meridian:2020.1.14
  • Opennms » Meridian » Version: 2020.1.15
    cpe:2.3:a:opennms:meridian:2020.1.15
  • Opennms » Meridian » Version: 2020.1.16
    cpe:2.3:a:opennms:meridian:2020.1.16
  • Opennms » Meridian » Version: 2020.1.17
    cpe:2.3:a:opennms:meridian:2020.1.17
  • Opennms » Meridian » Version: 2020.1.18
    cpe:2.3:a:opennms:meridian:2020.1.18
  • Opennms » Meridian » Version: 2020.1.19
    cpe:2.3:a:opennms:meridian:2020.1.19
  • Opennms » Meridian » Version: 2020.1.2
    cpe:2.3:a:opennms:meridian:2020.1.2
  • Opennms » Meridian » Version: 2020.1.2-1
    cpe:2.3:a:opennms:meridian:2020.1.2-1
  • Opennms » Meridian » Version: 2020.1.20
    cpe:2.3:a:opennms:meridian:2020.1.20
  • Opennms » Meridian » Version: 2020.1.21
    cpe:2.3:a:opennms:meridian:2020.1.21
  • Opennms » Meridian » Version: 2020.1.22
    cpe:2.3:a:opennms:meridian:2020.1.22
  • Opennms » Meridian » Version: 2020.1.23
    cpe:2.3:a:opennms:meridian:2020.1.23
  • Opennms » Meridian » Version: 2020.1.24
    cpe:2.3:a:opennms:meridian:2020.1.24
  • Opennms » Meridian » Version: 2020.1.25
    cpe:2.3:a:opennms:meridian:2020.1.25
  • Opennms » Meridian » Version: 2020.1.26
    cpe:2.3:a:opennms:meridian:2020.1.26
  • Opennms » Meridian » Version: 2020.1.27
    cpe:2.3:a:opennms:meridian:2020.1.27
  • Opennms » Meridian » Version: 2020.1.28
    cpe:2.3:a:opennms:meridian:2020.1.28
  • Opennms » Meridian » Version: 2020.1.29
    cpe:2.3:a:opennms:meridian:2020.1.29
  • Opennms » Meridian » Version: 2020.1.3
    cpe:2.3:a:opennms:meridian:2020.1.3
  • Opennms » Meridian » Version: 2020.1.3-1
    cpe:2.3:a:opennms:meridian:2020.1.3-1
  • Opennms » Meridian » Version: 2020.1.30
    cpe:2.3:a:opennms:meridian:2020.1.30
  • Opennms » Meridian » Version: 2020.1.31
    cpe:2.3:a:opennms:meridian:2020.1.31
  • Opennms » Meridian » Version: 2020.1.32
    cpe:2.3:a:opennms:meridian:2020.1.32
  • Opennms » Meridian » Version: 2020.1.33
    cpe:2.3:a:opennms:meridian:2020.1.33
  • Opennms » Meridian » Version: 2020.1.34
    cpe:2.3:a:opennms:meridian:2020.1.34
  • Opennms » Meridian » Version: 2020.1.35
    cpe:2.3:a:opennms:meridian:2020.1.35
  • Opennms » Meridian » Version: 2020.1.36
    cpe:2.3:a:opennms:meridian:2020.1.36
  • Opennms » Meridian » Version: 2020.1.37
    cpe:2.3:a:opennms:meridian:2020.1.37
  • Opennms » Meridian » Version: 2020.1.4
    cpe:2.3:a:opennms:meridian:2020.1.4
  • Opennms » Meridian » Version: 2020.1.4-1
    cpe:2.3:a:opennms:meridian:2020.1.4-1
  • Opennms » Meridian » Version: 2020.1.5
    cpe:2.3:a:opennms:meridian:2020.1.5
  • Opennms » Meridian » Version: 2020.1.5-1
    cpe:2.3:a:opennms:meridian:2020.1.5-1
  • Opennms » Meridian » Version: 2020.1.6
    cpe:2.3:a:opennms:meridian:2020.1.6
  • Opennms » Meridian » Version: 2020.1.7
    cpe:2.3:a:opennms:meridian:2020.1.7
  • Opennms » Meridian » Version: 2020.1.7-1
    cpe:2.3:a:opennms:meridian:2020.1.7-1
  • Opennms » Meridian » Version: 2020.1.8
    cpe:2.3:a:opennms:meridian:2020.1.8
  • Opennms » Meridian » Version: 2020.1.8-1
    cpe:2.3:a:opennms:meridian:2020.1.8-1
  • Opennms » Meridian » Version: 2020.1.9
    cpe:2.3:a:opennms:meridian:2020.1.9
  • Opennms » Meridian » Version: 2020.1.9-1
    cpe:2.3:a:opennms:meridian:2020.1.9-1
  • Opennms » Meridian » Version: 2021.1.0
    cpe:2.3:a:opennms:meridian:2021.1.0
  • Opennms » Meridian » Version: 2021.1.0-1
    cpe:2.3:a:opennms:meridian:2021.1.0-1
  • Opennms » Meridian » Version: 2021.1.1
    cpe:2.3:a:opennms:meridian:2021.1.1
  • Opennms » Meridian » Version: 2021.1.1-1
    cpe:2.3:a:opennms:meridian:2021.1.1-1
  • Opennms » Meridian » Version: 2021.1.10
    cpe:2.3:a:opennms:meridian:2021.1.10
  • Opennms » Meridian » Version: 2021.1.11
    cpe:2.3:a:opennms:meridian:2021.1.11
  • Opennms » Meridian » Version: 2021.1.12
    cpe:2.3:a:opennms:meridian:2021.1.12
  • Opennms » Meridian » Version: 2021.1.13
    cpe:2.3:a:opennms:meridian:2021.1.13
  • Opennms » Meridian » Version: 2021.1.14
    cpe:2.3:a:opennms:meridian:2021.1.14
  • Opennms » Meridian » Version: 2021.1.15
    cpe:2.3:a:opennms:meridian:2021.1.15
  • Opennms » Meridian » Version: 2021.1.16
    cpe:2.3:a:opennms:meridian:2021.1.16
  • Opennms » Meridian » Version: 2021.1.17
    cpe:2.3:a:opennms:meridian:2021.1.17
  • Opennms » Meridian » Version: 2021.1.18
    cpe:2.3:a:opennms:meridian:2021.1.18
  • Opennms » Meridian » Version: 2021.1.19
    cpe:2.3:a:opennms:meridian:2021.1.19
  • Opennms » Meridian » Version: 2021.1.2
    cpe:2.3:a:opennms:meridian:2021.1.2
  • Opennms » Meridian » Version: 2021.1.20
    cpe:2.3:a:opennms:meridian:2021.1.20
  • Opennms » Meridian » Version: 2021.1.21
    cpe:2.3:a:opennms:meridian:2021.1.21
  • Opennms » Meridian » Version: 2021.1.22
    cpe:2.3:a:opennms:meridian:2021.1.22
  • Opennms » Meridian » Version: 2021.1.23
    cpe:2.3:a:opennms:meridian:2021.1.23
  • Opennms » Meridian » Version: 2021.1.24
    cpe:2.3:a:opennms:meridian:2021.1.24
  • Opennms » Meridian » Version: 2021.1.25
    cpe:2.3:a:opennms:meridian:2021.1.25
  • Opennms » Meridian » Version: 2021.1.26
    cpe:2.3:a:opennms:meridian:2021.1.26
  • Opennms » Meridian » Version: 2021.1.27
    cpe:2.3:a:opennms:meridian:2021.1.27
  • Opennms » Meridian » Version: 2021.1.28
    cpe:2.3:a:opennms:meridian:2021.1.28
  • Opennms » Meridian » Version: 2021.1.29
    cpe:2.3:a:opennms:meridian:2021.1.29
  • Opennms » Meridian » Version: 2021.1.3
    cpe:2.3:a:opennms:meridian:2021.1.3
  • Opennms » Meridian » Version: 2021.1.4
    cpe:2.3:a:opennms:meridian:2021.1.4
  • Opennms » Meridian » Version: 2021.1.5
    cpe:2.3:a:opennms:meridian:2021.1.5
  • Opennms » Meridian » Version: 2021.1.6
    cpe:2.3:a:opennms:meridian:2021.1.6
  • Opennms » Meridian » Version: 2021.1.7
    cpe:2.3:a:opennms:meridian:2021.1.7
  • Opennms » Meridian » Version: 2021.1.8
    cpe:2.3:a:opennms:meridian:2021.1.8
  • Opennms » Meridian » Version: 2021.1.9
    cpe:2.3:a:opennms:meridian:2021.1.9
  • Opennms » Meridian » Version: 2022.1.0
    cpe:2.3:a:opennms:meridian:2022.1.0
  • Opennms » Meridian » Version: 2022.1.1
    cpe:2.3:a:opennms:meridian:2022.1.1
  • Opennms » Meridian » Version: 2022.1.10
    cpe:2.3:a:opennms:meridian:2022.1.10
  • Opennms » Meridian » Version: 2022.1.11
    cpe:2.3:a:opennms:meridian:2022.1.11
  • Opennms » Meridian » Version: 2022.1.12
    cpe:2.3:a:opennms:meridian:2022.1.12
  • Opennms » Meridian » Version: 2022.1.13
    cpe:2.3:a:opennms:meridian:2022.1.13
  • Opennms » Meridian » Version: 2022.1.14
    cpe:2.3:a:opennms:meridian:2022.1.14
  • Opennms » Meridian » Version: 2022.1.15
    cpe:2.3:a:opennms:meridian:2022.1.15
  • Opennms » Meridian » Version: 2022.1.16
    cpe:2.3:a:opennms:meridian:2022.1.16
  • Opennms » Meridian » Version: 2022.1.17
    cpe:2.3:a:opennms:meridian:2022.1.17
  • Opennms » Meridian » Version: 2022.1.18
    cpe:2.3:a:opennms:meridian:2022.1.18
  • Opennms » Meridian » Version: 2022.1.2
    cpe:2.3:a:opennms:meridian:2022.1.2
  • Opennms » Meridian » Version: 2022.1.3
    cpe:2.3:a:opennms:meridian:2022.1.3
  • Opennms » Meridian » Version: 2022.1.4
    cpe:2.3:a:opennms:meridian:2022.1.4
  • Opennms » Meridian » Version: 2022.1.5
    cpe:2.3:a:opennms:meridian:2022.1.5
  • Opennms » Meridian » Version: 2022.1.6
    cpe:2.3:a:opennms:meridian:2022.1.6
  • Opennms » Meridian » Version: 2022.1.7
    cpe:2.3:a:opennms:meridian:2022.1.7
  • Opennms » Meridian » Version: 2022.1.8
    cpe:2.3:a:opennms:meridian:2022.1.8
  • Opennms » Meridian » Version: 2022.1.9
    cpe:2.3:a:opennms:meridian:2022.1.9
  • Opennms » Meridian » Version: 2023.1.0
    cpe:2.3:a:opennms:meridian:2023.1.0
  • Opennms » Meridian » Version: 2023.1.1
    cpe:2.3:a:opennms:meridian:2023.1.1
  • Opennms » Meridian » Version: 2023.1.2
    cpe:2.3:a:opennms:meridian:2023.1.2
  • Opennms » Meridian » Version: 2023.1.3
    cpe:2.3:a:opennms:meridian:2023.1.3
  • Opennms » Meridian » Version: 2023.1.4
    cpe:2.3:a:opennms:meridian:2023.1.4
  • Opennms » Meridian » Version: 2023.1.5
    cpe:2.3:a:opennms:meridian:2023.1.5


Products
Pricing
Contact Us

Shodan ® - All rights reserved