OpenMNS Horizon New CVEs and Security Vulnerabilities

Aug 14, 2023

OpenMNS Horizon is a solution used to facilitate network management and monitoring operations for businesses. However, newly released CVE codes shed light on security vulnerabilities identified in this system, warranting a more detailed examination:

1. CVE-2023-40312: Reflective XSS Security Vulnerability

This security vulnerability has been identified in OpenMNS Horizon 31.0.8 and earlier versions. Attackers can exploit this vulnerability by sending requests containing pre-prepared malicious code. The server does not adequately apply security measures when processing these codes, enabling the attacker to execute malicious code in the browser.
As a result of such an attack, the attacker can manipulate users' browsers to display malicious content, carry out phishing attacks, and even hijack user sessions.

2. CVE-2023-0872: Escalable Privilege Security Vulnerability

This vulnerability, identified in OpenMNS Horizon 31.0.8 and earlier versions, stems from weak access controls in the API. Attackers can leverage this vulnerability to attempt to create an account with higher privileges from an account with lower privileges or elevate the permissions of an existing account.
Such an attack allows the attacker to gain control over the system, access sensitive data, and even manipulate the system against users' intentions.

3. CVE-2023-40311: Stored XSS Security Vulnerability

This security vulnerability in OpenMNS Horizon 31.0.8 and earlier versions enables the storage of malicious code in data saved on the server. Attackers can utilize this vulnerability to insert malicious code into the database. This malicious code can execute in users' browsers when processed by the server.
As a result of such an attack, the attacker can add sensitive data to the database, hijack user sessions, and even orchestrate phishing attacks.

These security vulnerabilities underscore the potential risk OpenMNS Horizon poses for businesses. Therefore, system administrators and security experts should focus on taking the necessary steps to address these vulnerabilities. Measures such as regular updates, effective configuration of security firewalls, and tightening access controls are crucial to enhancing system security.

OpenMNS Horizon - CVEs References

Source: The OpenNMS Group NVD Published Date: 2023-08-14 NVD Last Modified: 2023-08-14

CVE-2023-40312: Reflective XSS Security Vulnerabi lity CVE-2023-0872: Escalable Privilege Security Vulnerability

CVE-2023-40311: Stored XSS Security Vulnerability

CVE - Released 14 august 2023 List in Our Forum

Trending

Server-Side Request Forgery (SSRF) Vulnerability in SmartRobot by INTUMIT

The Silent Threat in Systems: Two New Vulnerabilities in Tenable Network Monitor

Remote Code Execution in EV Charging Stations

Prisma Access Browser Security Update: Take Action to Address Critical Vulnerabilities

High-Severity Referrer-Policy Vulnerability in Google Chrome

🚨 Security Alarm on Apple Devices 🚨

Critical Vulnerability in KUNBUS Revolution Pi OS

OpenMNS Horizon New CVEs and Security Vulnerabilities

OpenMNS Horizon New CVEs and Security Vulnerabilities

Post a Comment

İletişim Formu