CVE-2020-11886
17.04.2020, 20:15
OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmValue to addCriteriaForSnmpParm. This affects Horizon before 25.2.1, Meridian 2019 before 2019.1.4, Meridian 2018 before 2018.1.16, and Meridian 2017 before 2017.1.21.
| Vendor | Product | Version |
|---|---|---|
| opennms | horizon | 𝑥 < 25.2.1 |
| opennms | meridian | 2017 ≤ 𝑥 < 2017.1.21 |
| opennms | meridian | 2018 ≤ 𝑥 < 2018.1.16 |
| opennms | meridian | 2019 ≤ 𝑥 < 2019.1.4 |
𝑥
= Vulnerable software versions