CVE-2023-40313

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 17, 2023

Updated: Aug 23, 2023

Summary

CVE-2023-40313 is a remote code execution vulnerability affecting OpenMNS Horizon versions below 32.0.2 and related Meridian versions. The BeanShell interpreter in remote server mode is the culprit, which can be exploited to run arbitrary Java code. Organizations using these outdated versions are urged to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38, or Horizon 32.0.2 or later. It is important to note that these applications are designed for private network installations and should not be publicly accessible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

OpenNMS Meridian
OpenNMS Horizon

Affected Vendors

Opennms

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sV2DRh
https://www.cve.org/CVERecord?id=CVE-2023-40313
https://nvd.nist.gov/vuln/detail/CVE-2023-40313

Back to Vulnerability Database