Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

The OpenNMS Group — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting The OpenNMS Group. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The OpenNMS Group develops enterprise-grade network monitoring and management solutions, primarily serving organizations requiring comprehensive infrastructure visibility. Historically, their products have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and authentication flaws. While no major public security incidents have been widely documented, the 11 CVEs on record highlight ongoing security challenges in areas like API endpoints and web interfaces. The organization has typically addressed these issues through timely patches and security advisories, though the persistence of certain vulnerability classes suggests a need for continued focus on secure coding practices and comprehensive input sanitization across their product lines.

Top products by The OpenNMS Group: Horizon Meridian
CVE IDTitleCVSSSeverityPublished
CVE-2025-53122 SQLi in OpenNMS Horizon and Meridian — HorizonCWE-89 8.8AIHighAI2025-06-26
CVE-2025-53121 Stored XSS in multiple 33.0.8files in opennms/opennms — HorizonCWE-79 5.4AIMediumAI2025-06-26
CVE-2023-40612 Authenticated XXE Injection Via The File Editor — HorizonCWE-91 5.3 Medium2023-08-23
CVE-2023-40315 ROLE_FILESYSTEM_EDITOR Can Be Used To Escalate To ROLE_ADMIN — Horizon 5.3 Medium2023-08-17
CVE-2023-40313 Disable BeanShell Interpreter Remote Server Mode — Horizon 7.1 High2023-08-17
CVE-2023-40312 Reflected XSS in multiple JSP files in opennms/opennms — HorizonCWE-79 6.7 Medium2023-08-14
CVE-2023-40311 Stored XSS in multiple JSP files in opennms/opennms — HorizonCWE-79 6.7 Medium2023-08-14
CVE-2023-0872 ROLE_REST can be used to escalate to ROLE_ADMIN via /rest/users — HorizonCWE-269 8.2 High2023-08-14
CVE-2023-0871 An XML External Entity injection vulnerability — HorizonCWE-611 5.4 Medium2023-08-11
CVE-2023-0867 Multiple stored and reflected Cross-site Scripting in webapp — MeridianCWE-79 6.7 Medium2023-02-23
CVE-2023-0868 Stealing Cookies using Reflected XSS via graph results — MeridianCWE-20 6.7 Medium2023-02-23

This page lists every published CVE security advisory associated with The OpenNMS Group. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.