CVE-2021-3396: Full Security Disclosure

OpenNMS Security Issue Requires Immediate Upgrade The OpenNMS Group recently learned about and fixed a security vulnerability that allowed local and remote code execution as an authenticated user via a custom, targeted JEXL expression. Thank you to Artem Smotrakov for notifying us of this issue. CVE-2021-3396 applies to the following: Meridian-2016.1.0 - Meridian-2016.1.24 Meridian-2017.1.0 - Meridian-2017.1.26 [...]

By |2021-02-16T21:06:27+00:00February 16th, 2021|Categories: Uncategorized|1 Comment

CVE-2021-3396: OpenNMS Security Vulnerability (Please Update)

We recently learned about a security issue with OpenNMS. Please refer to CVE-2021-3396 for more information. To protect everyone using OpenNMS from an exploitation of this vulnerability, the CVE will not provide full details of the vulnerability until Tuesday, February 16, 2021. This should provide time to upgrade your system before full public disclosure. This issue [...]

By |2021-02-10T16:25:35+00:00February 10th, 2021|Categories: Uncategorized|0 Comments
Go to Top