CVE-2023-40313 HIGH

CVE-2023-40313: Disable BeanShell Interpreter Remote Server Mode

Vendor: The OpenNMS Group
Product: Horizon
Published: August 17, 2023
Last update: October 8, 2024

CVSS base score

7.1/10
Attack vector: Adjacent
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

What the vulnerability does

01 Description

A BeanShell interpreter in remote server mode runs in OpenNMS Horizon versions earlier than 32.0.2 and in related Meridian versions, which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.

Key dates

02 Disclosure timeline

August 17, 2023: CVE published
October 8, 2024: Record updated