Meridian
CVE-2022-29578
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Meridian Cooperative Utility Software versions 22.02 and 22.03 allows remote attackers to obtain sensitive information such as name, address, and daily energy usage.
AnalysisAI
Meridian Cooperative Utility Software versions 22.02 and 22.03 allows remote attackers to obtain sensitive information such as name, address, and daily energy usage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. Meridian Cooperative Utility Software versions 22.02 and 22.03 allows remote attackers to obtain sensitive information such as name, address, and daily energy usage. Affected products include: Meridian.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FIL
The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple pl
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation
In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2
In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2
A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridi
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation
OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation
OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or s
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today