Skip to main content

Opennms

5 CVEs product

Monthly

CVE-2021-25932 MEDIUM POC PATCH This Month

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1;. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Meridian Opennms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-1652 CRITICAL Act Now

OpenNMS is accessible via port 9443. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Opennms
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2015-7856 CRITICAL POC Act Now

OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Opennms
NVD
CVSS 2.0
10.0
EPSS
1.8%
CVE-2014-3960 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Opennms
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-0936 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java XSS Opennms
NVD
CVSS 2.0
4.3
EPSS
0.4%
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1;. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Meridian Opennms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

OpenNMS is accessible via port 9443. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Opennms
NVD
EPSS 2% CVSS 10.0
CRITICAL POC Act Now

OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Opennms
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Opennms
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java XSS Opennms
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy