OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts <1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions.
References
Link | Resource |
---|---|
https://www.opennms.com | Vendor Advisory |
https://www.opennms.com/en/blog/2021-02-16-cve-2021-3396-full-security-disclosure/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other |
25 Feb 2021, 16:25
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.opennms.com - Vendor Advisory | |
References | (CONFIRM) https://www.opennms.com/en/blog/2021-02-16-cve-2021-3396-full-security-disclosure/ - Vendor Advisory | |
CPE | cpe:2.3:a:opennms:horizon:*:*:*:*:*:*:*:* cpe:2.3:a:opennms:meridian:*:*:*:*:*:*:*:* cpe:2.3:a:opennms:newts:*:*:*:*:*:*:*:* |
|
CWE | CWE-863 | |
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
17 Feb 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-17 21:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-3396
Mitre link : CVE-2021-3396
CVE.ORG link : CVE-2021-3396
JSON object : View
Products Affected
opennms
- horizon
- meridian
- newts
CWE