CVE-2023-40314

Summary

CVE-2023-40314 is a cross-site scripting (XSS) vulnerability affecting multiple versions of OpenNMS Meridian and Horizon. This issue allows attackers to gain access to confidential session information. The impacted components, Meridian and Horizon, are intended for installation within private networks and should not be directly accessible from the Internet. However, this vulnerability exposes such networks to potential attacks. The recommended solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer. OpenNMS acknowledges the reporting of this issue by Moshe Apelbaum.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.