Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
15 vulnerabilities found for OpenNMS by OpenNMS
VAR-201810-0068
Vulnerability from variot - Updated: 2023-12-18 12:28A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1. OpenNMS is prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle. OpenNMS is one of the network management systems
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0068",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "junos space",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "18.1r1"
},
{
"model": "junos space",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "18.2r1"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.13.3"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.8"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.90"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.14"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.5"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.5.96"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.5.95"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.5.94"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.5.93"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.5.92"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.5.91"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.5.90"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.93"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.92"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.91"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.90"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.8"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.7"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.6"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.5"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.4"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.3"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.2"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.1"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.9.0"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.8.17"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.8.16"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.13.1"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.7"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.6"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.5"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.4"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.3"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.2"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.1"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.12.0"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.94"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.93"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.92"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.91"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.3"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.2"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.1"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.11.0"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.9"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.8"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.7"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.6"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.4"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.3"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.2"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.13"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.12"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.11"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.10"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.1"
},
{
"model": "opennms",
"scope": "eq",
"trust": 0.3,
"vendor": "opennms",
"version": "1.10.0"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "1.2.2"
},
{
"model": "junos space 15.2r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 15.2r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "15.2"
},
{
"model": "junos space 15.1r3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 15.1r2.11",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 15.1r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 15.1r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 15.1f3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 15.1f2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 14.1r1.9",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 14.1r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 14.1.r3.4",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 13.3r4.4",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 13.3r1.9",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 13.3r1.8",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "13.3"
},
{
"model": "junos space 13.1r1.6",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 13.1r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 13.1p1.14",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space r1.8",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "13.1"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "13.1"
},
{
"model": "junos space 12.3r2.8",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 12.3r1.3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space 12.3p2.8",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.3"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.2"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1"
},
{
"model": "junos space 11.4r5.5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "11.4"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "11.3"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "11.2"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "11.1"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "1.4"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "1.3"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "1.0"
},
{
"model": "junos space 18.2r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "105566"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "NVD",
"id": "CVE-2018-0046"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:juniper:junos_space:18.1r1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0046"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marcel Bilal",
"sources": [
{
"db": "BID",
"id": "105566"
}
],
"trust": 0.3
},
"cve": "CVE-2018-0046",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-0046",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-118248",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "sirt@juniper.net",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-0046",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-0046",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "sirt@juniper.net",
"id": "CVE-2018-0046",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-514",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118248",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118248"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "NVD",
"id": "CVE-2018-0046"
},
{
"db": "NVD",
"id": "CVE-2018-0046"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1. OpenNMS is prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle. OpenNMS is one of the network management systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0046"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "BID",
"id": "105566"
},
{
"db": "VULHUB",
"id": "VHN-118248"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0046",
"trust": 2.8
},
{
"db": "BID",
"id": "105566",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1041862",
"trust": 1.7
},
{
"db": "JUNIPER",
"id": "JSA10880",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-514",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-118248",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118248"
},
{
"db": "BID",
"id": "105566"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "NVD",
"id": "CVE-2018-0046"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
}
]
},
"id": "VAR-201810-0068",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-118248"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:28:44.679000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "JSA10880",
"trust": 0.8,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10880\u0026actp=metadata"
},
{
"title": "Juniper Junos Space OpenNMS Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86100"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118248"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "NVD",
"id": "CVE-2018-0046"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://github.com/opennms/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105566"
},
{
"trust": 1.7,
"url": "https://kb.juniper.net/jsa10880"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1041862"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0046"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0046"
},
{
"trust": 0.3,
"url": "http://www.juniper.net/"
},
{
"trust": 0.3,
"url": "http://www.juniper.net/au/en/products-services/software/junos-platform/junos-space/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118248"
},
{
"db": "BID",
"id": "105566"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "NVD",
"id": "CVE-2018-0046"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-118248"
},
{
"db": "BID",
"id": "105566"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"db": "NVD",
"id": "CVE-2018-0046"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-118248"
},
{
"date": "2018-10-10T00:00:00",
"db": "BID",
"id": "105566"
},
{
"date": "2019-01-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"date": "2018-10-10T18:29:00.780000",
"db": "NVD",
"id": "CVE-2018-0046"
},
{
"date": "2018-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-514"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118248"
},
{
"date": "2018-10-10T00:00:00",
"db": "BID",
"id": "105566"
},
{
"date": "2019-01-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011017"
},
{
"date": "2019-10-09T23:31:05.440000",
"db": "NVD",
"id": "CVE-2018-0046"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-514"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juniper Networks Junos Space Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011017"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-514"
}
],
"trust": 0.6
}
}
CVE-2016-6556 (GCVE-0-2016-6556)
Vulnerability from cvelistv5 – Published: 2022-06-15 18:35 – Updated: 2024-09-16 16:43
VLAI
Title
OpenNMS Stored XSS via SNMP Agent Data
Summary
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016.
Severity
7.1 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.rapid7.com/blog/post/2016/11/15/r7-20… | x_refsource_MISC |
| https://github.com/OpenNMS/opennms/pull/1019 | x_refsource_MISC |
Impacted products
Date Public
2016-09-14 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenNMS",
"vendor": "OpenNMS",
"versions": [
{
"lessThanOrEqual": "18.0.1",
"status": "affected",
"version": "18.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"datePublic": "2016-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP \u0027sysName\u0027 or \u0027sysContact\u0027 response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T18:35:47.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenNMS Stored XSS via SNMP Agent Data",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2016-09-14T18:18:00.000Z",
"ID": "CVE-2016-6556",
"STATE": "PUBLIC",
"TITLE": "OpenNMS Stored XSS via SNMP Agent Data"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenNMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "18.0.1",
"version_value": "18.0.1"
}
]
}
}
]
},
"vendor_name": "OpenNMS"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP \u0027sysName\u0027 or \u0027sysContact\u0027 response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/",
"refsource": "MISC",
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"name": "https://github.com/OpenNMS/opennms/pull/1019",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2016-6556",
"datePublished": "2022-06-15T18:35:47.512Z",
"dateReserved": "2016-08-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:43:02.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6555 (GCVE-0-2016-6555)
Vulnerability from cvelistv5 – Published: 2022-06-15 18:35 – Updated: 2024-09-17 01:41
VLAI
Title
OpenNMS Stored XSS via SNMP Trap Alerts
Summary
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016.
Severity
7.1 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.rapid7.com/blog/post/2016/11/15/r7-20… | x_refsource_MISC |
| https://github.com/OpenNMS/opennms/pull/1019 | x_refsource_MISC |
Impacted products
Date Public
2016-09-14 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenNMS",
"vendor": "OpenNMS",
"versions": [
{
"lessThanOrEqual": "18.0.1",
"status": "affected",
"version": "18.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"datePublic": "2016-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T18:35:43.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenNMS Stored XSS via SNMP Trap Alerts",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2016-09-14T18:18:00.000Z",
"ID": "CVE-2016-6555",
"STATE": "PUBLIC",
"TITLE": "OpenNMS Stored XSS via SNMP Trap Alerts"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenNMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "18.0.1",
"version_value": "18.0.1"
}
]
}
}
]
},
"vendor_name": "OpenNMS"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/",
"refsource": "MISC",
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"name": "https://github.com/OpenNMS/opennms/pull/1019",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2016-6555",
"datePublished": "2022-06-15T18:35:43.500Z",
"dateReserved": "2016-08-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:41:54.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25932 (GCVE-0-2021-25932)
Vulnerability from cvelistv5 – Published: 2021-06-01 11:15 – Updated: 2024-08-03 20:11
VLAI
Summary
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database.
Severity
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/OpenNMS/opennms/commit/eb08b5e… | x_refsource_MISC |
| https://www.whitesourcesoftware.com/vulnerability… | x_refsource_MISC |
| https://github.com/OpenNMS/opennms/commit/f3ebfa3… | x_refsource_MISC |
| https://github.com/OpenNMS/opennms/commit/8a97e68… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:28.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenNMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "opennms-1-0-stable,opennms-1.0.1 through opennms-27.1.0-1,meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1,meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-01T11:15:51.000Z",
"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"shortName": "Mend"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"ID": "CVE-2021-25932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenNMS",
"version": {
"version_data": [
{
"version_value": "opennms-1-0-stable,opennms-1.0.1 through opennms-27.1.0-1,meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1,meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c"
},
{
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932",
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932"
},
{
"name": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e"
},
{
"name": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"assignerShortName": "Mend",
"cveId": "CVE-2021-25932",
"datePublished": "2021-06-01T11:15:51.000Z",
"dateReserved": "2021-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:28.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1652 (GCVE-0-2020-1652)
Vulnerability from cvelistv5 – Published: 2020-07-17 18:40 – Updated: 2024-09-17 01:21
VLAI
Title
Junos Space: OpenNMS is accessible via port 9443
Summary
OpenNMS is accessible via port 9443
Severity
5.6 (Medium)
CWE
- CWE-213 - Intentional Information Exposure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos Space |
Affected:
20.1 , < 20.1R1
(custom)
|
Date Public
2020-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.1R1",
"status": "affected",
"version": "20.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenNMS is accessible via port 9443"
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-213",
"description": "CWE-213 Intentional Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-17T18:40:44.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 20.1R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11023",
"defect": [
"1233680"
],
"discovery": "EXTERNAL"
},
"title": "Junos Space: OpenNMS is accessible via port 9443",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T16:00:00.000Z",
"ID": "CVE-2020-1652",
"STATE": "PUBLIC",
"TITLE": "Junos Space: OpenNMS is accessible via port 9443"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS is accessible via port 9443"
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-213 Intentional Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/",
"refsource": "MISC",
"url": "https://kb.juniper.net/"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 20.1R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11023",
"defect": [
"1233680"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1652",
"datePublished": "2020-07-17T18:40:44.141Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:21:29.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7856 (GCVE-0-2015-7856)
Vulnerability from cvelistv5 – Published: 2015-10-16 20:00 – Updated: 2024-09-17 03:42
VLAI
Summary
OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.opennms.org/wiki/CVE-2015-0975 | x_refsource_CONFIRM |
| http://www.rapid7.com/db/modules/auxiliary/gather… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:30.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opennms.org/wiki/CVE-2015-0975"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-16T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opennms.org/wiki/CVE-2015-0975"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opennms.org/wiki/CVE-2015-0975",
"refsource": "CONFIRM",
"url": "http://www.opennms.org/wiki/CVE-2015-0975"
},
{
"name": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe",
"refsource": "MISC",
"url": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7856",
"datePublished": "2015-10-16T20:00:00.000Z",
"dateReserved": "2015-10-16T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:42:49.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3960 (GCVE-0-2014-3960)
Vulnerability from cvelistv5 – Published: 2014-06-04 14:00 – Updated: 2024-09-17 00:20
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.opennms.org/documentation/ReleaseNotes… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/67774 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/58748 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:18.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7"
},
{
"name": "67774",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67774"
},
{
"name": "58748",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58748"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T14:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7"
},
{
"name": "67774",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67774"
},
{
"name": "58748",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58748"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7",
"refsource": "CONFIRM",
"url": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7"
},
{
"name": "67774",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67774"
},
{
"name": "58748",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58748"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3960",
"datePublished": "2014-06-04T14:00:00.000Z",
"dateReserved": "2014-06-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:20:54.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6095 (GCVE-0-2008-6095)
Vulnerability from cvelistv5 – Published: 2009-02-09 17:00 – Updated: 2024-08-07 11:20
VLAI
Summary
Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://bugzilla.opennms.org/show_bug.cgi?id=2760 | x_refsource_MISC |
| http://www.opennms.org/documentation/ReleaseNotes… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/31539 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/32101 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:20:25.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.opennms.org/show_bug.cgi?id=2760"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html"
},
{
"name": "opennms-viewname-xss(45616)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616"
},
{
"name": "31539",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31539"
},
{
"name": "32101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.opennms.org/show_bug.cgi?id=2760"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html"
},
{
"name": "opennms-viewname-xss(45616)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616"
},
{
"name": "31539",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31539"
},
{
"name": "32101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugzilla.opennms.org/show_bug.cgi?id=2760",
"refsource": "MISC",
"url": "http://bugzilla.opennms.org/show_bug.cgi?id=2760"
},
{
"name": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html",
"refsource": "CONFIRM",
"url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html"
},
{
"name": "opennms-viewname-xss(45616)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616"
},
{
"name": "31539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31539"
},
{
"name": "32101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6095",
"datePublished": "2009-02-09T17:00:00.000Z",
"dateReserved": "2009-02-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:20:25.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6556 (GCVE-0-2016-6556)
Vulnerability from nvd – Published: 2022-06-15 18:35 – Updated: 2024-09-16 16:43
VLAI
Title
OpenNMS Stored XSS via SNMP Agent Data
Summary
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016.
Severity
7.1 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.rapid7.com/blog/post/2016/11/15/r7-20… | x_refsource_MISC |
| https://github.com/OpenNMS/opennms/pull/1019 | x_refsource_MISC |
Impacted products
Date Public
2016-09-14 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenNMS",
"vendor": "OpenNMS",
"versions": [
{
"lessThanOrEqual": "18.0.1",
"status": "affected",
"version": "18.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"datePublic": "2016-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP \u0027sysName\u0027 or \u0027sysContact\u0027 response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T18:35:47.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenNMS Stored XSS via SNMP Agent Data",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2016-09-14T18:18:00.000Z",
"ID": "CVE-2016-6556",
"STATE": "PUBLIC",
"TITLE": "OpenNMS Stored XSS via SNMP Agent Data"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenNMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "18.0.1",
"version_value": "18.0.1"
}
]
}
}
]
},
"vendor_name": "OpenNMS"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP \u0027sysName\u0027 or \u0027sysContact\u0027 response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/",
"refsource": "MISC",
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"name": "https://github.com/OpenNMS/opennms/pull/1019",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2016-6556",
"datePublished": "2022-06-15T18:35:47.512Z",
"dateReserved": "2016-08-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:43:02.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6555 (GCVE-0-2016-6555)
Vulnerability from nvd – Published: 2022-06-15 18:35 – Updated: 2024-09-17 01:41
VLAI
Title
OpenNMS Stored XSS via SNMP Trap Alerts
Summary
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016.
Severity
7.1 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.rapid7.com/blog/post/2016/11/15/r7-20… | x_refsource_MISC |
| https://github.com/OpenNMS/opennms/pull/1019 | x_refsource_MISC |
Impacted products
Date Public
2016-09-14 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenNMS",
"vendor": "OpenNMS",
"versions": [
{
"lessThanOrEqual": "18.0.1",
"status": "affected",
"version": "18.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"datePublic": "2016-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T18:35:43.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenNMS Stored XSS via SNMP Trap Alerts",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2016-09-14T18:18:00.000Z",
"ID": "CVE-2016-6555",
"STATE": "PUBLIC",
"TITLE": "OpenNMS Stored XSS via SNMP Trap Alerts"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenNMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "18.0.1",
"version_value": "18.0.1"
}
]
}
}
]
},
"vendor_name": "OpenNMS"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Matthew Kienow and disclosure was coordinated by Rapid7."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/",
"refsource": "MISC",
"url": "https://www.rapid7.com/blog/post/2016/11/15/r7-2016-24-opennms-stored-xss-via-snmp-cve-2016-6555-cve-2016-6556/"
},
{
"name": "https://github.com/OpenNMS/opennms/pull/1019",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/pull/1019"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2016-6555",
"datePublished": "2022-06-15T18:35:43.500Z",
"dateReserved": "2016-08-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:41:54.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25932 (GCVE-0-2021-25932)
Vulnerability from nvd – Published: 2021-06-01 11:15 – Updated: 2024-08-03 20:11
VLAI
Summary
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database.
Severity
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/OpenNMS/opennms/commit/eb08b5e… | x_refsource_MISC |
| https://www.whitesourcesoftware.com/vulnerability… | x_refsource_MISC |
| https://github.com/OpenNMS/opennms/commit/f3ebfa3… | x_refsource_MISC |
| https://github.com/OpenNMS/opennms/commit/8a97e68… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:28.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenNMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "opennms-1-0-stable,opennms-1.0.1 through opennms-27.1.0-1,meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1,meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-01T11:15:51.000Z",
"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"shortName": "Mend"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"ID": "CVE-2021-25932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenNMS",
"version": {
"version_data": [
{
"version_value": "opennms-1-0-stable,opennms-1.0.1 through opennms-27.1.0-1,meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1,meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/commit/eb08b5ed4c5548f3e941a1f0d0363ae4439fa98c"
},
{
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932",
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25932"
},
{
"name": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/commit/f3ebfa3da5352b4d57f238b54c6db315ad99f10e"
},
{
"name": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01",
"refsource": "MISC",
"url": "https://github.com/OpenNMS/opennms/commit/8a97e6869d6e49da18b208c837438ace80049c01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"assignerShortName": "Mend",
"cveId": "CVE-2021-25932",
"datePublished": "2021-06-01T11:15:51.000Z",
"dateReserved": "2021-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:28.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1652 (GCVE-0-2020-1652)
Vulnerability from nvd – Published: 2020-07-17 18:40 – Updated: 2024-09-17 01:21
VLAI
Title
Junos Space: OpenNMS is accessible via port 9443
Summary
OpenNMS is accessible via port 9443
Severity
5.6 (Medium)
CWE
- CWE-213 - Intentional Information Exposure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos Space |
Affected:
20.1 , < 20.1R1
(custom)
|
Date Public
2020-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.1R1",
"status": "affected",
"version": "20.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenNMS is accessible via port 9443"
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-213",
"description": "CWE-213 Intentional Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-17T18:40:44.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 20.1R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11023",
"defect": [
"1233680"
],
"discovery": "EXTERNAL"
},
"title": "Junos Space: OpenNMS is accessible via port 9443",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T16:00:00.000Z",
"ID": "CVE-2020-1652",
"STATE": "PUBLIC",
"TITLE": "Junos Space: OpenNMS is accessible via port 9443"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS is accessible via port 9443"
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-213 Intentional Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/",
"refsource": "MISC",
"url": "https://kb.juniper.net/"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 20.1R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11023",
"defect": [
"1233680"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1652",
"datePublished": "2020-07-17T18:40:44.141Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:21:29.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7856 (GCVE-0-2015-7856)
Vulnerability from nvd – Published: 2015-10-16 20:00 – Updated: 2024-09-17 03:42
VLAI
Summary
OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.opennms.org/wiki/CVE-2015-0975 | x_refsource_CONFIRM |
| http://www.rapid7.com/db/modules/auxiliary/gather… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:30.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opennms.org/wiki/CVE-2015-0975"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-16T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opennms.org/wiki/CVE-2015-0975"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opennms.org/wiki/CVE-2015-0975",
"refsource": "CONFIRM",
"url": "http://www.opennms.org/wiki/CVE-2015-0975"
},
{
"name": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe",
"refsource": "MISC",
"url": "http://www.rapid7.com/db/modules/auxiliary/gather/opennms_xxe"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7856",
"datePublished": "2015-10-16T20:00:00.000Z",
"dateReserved": "2015-10-16T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:42:49.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3960 (GCVE-0-2014-3960)
Vulnerability from nvd – Published: 2014-06-04 14:00 – Updated: 2024-09-17 00:20
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.opennms.org/documentation/ReleaseNotes… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/67774 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/58748 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:18.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7"
},
{
"name": "67774",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67774"
},
{
"name": "58748",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58748"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T14:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7"
},
{
"name": "67774",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67774"
},
{
"name": "58748",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58748"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7",
"refsource": "CONFIRM",
"url": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7"
},
{
"name": "67774",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67774"
},
{
"name": "58748",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58748"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3960",
"datePublished": "2014-06-04T14:00:00.000Z",
"dateReserved": "2014-06-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:20:54.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6095 (GCVE-0-2008-6095)
Vulnerability from nvd – Published: 2009-02-09 17:00 – Updated: 2024-08-07 11:20
VLAI
Summary
Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://bugzilla.opennms.org/show_bug.cgi?id=2760 | x_refsource_MISC |
| http://www.opennms.org/documentation/ReleaseNotes… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/31539 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/32101 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:20:25.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.opennms.org/show_bug.cgi?id=2760"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html"
},
{
"name": "opennms-viewname-xss(45616)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616"
},
{
"name": "31539",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31539"
},
{
"name": "32101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.opennms.org/show_bug.cgi?id=2760"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html"
},
{
"name": "opennms-viewname-xss(45616)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616"
},
{
"name": "31539",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31539"
},
{
"name": "32101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugzilla.opennms.org/show_bug.cgi?id=2760",
"refsource": "MISC",
"url": "http://bugzilla.opennms.org/show_bug.cgi?id=2760"
},
{
"name": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html",
"refsource": "CONFIRM",
"url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html"
},
{
"name": "opennms-viewname-xss(45616)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616"
},
{
"name": "31539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31539"
},
{
"name": "32101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6095",
"datePublished": "2009-02-09T17:00:00.000Z",
"dateReserved": "2009-02-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:20:25.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}