CVE-2020-11886

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-11886

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11886.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-11886

Published

2020-04-17T20:15:12.160Z

Modified

2025-11-20T11:11:16.020885Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmValue to addCriteriaForSnmpParm. This affects Horizon before 25.2.1, Meridian 2019 before 2019.1.4, Meridian 2018 before 2018.1.16, and Meridian 2017 before 2017.1.21.

References

https://issues.opennms.org/browse/NMS-12572

Affected packages

Git / github.com/opennms/opennms

Affected ranges

Type: GIT
Repo: https://github.com/opennms/opennms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f96e10ca2c7b3234ee4bfcdc21c6b3fb053673b1

Affected versions

meridian-foundation-2015.*

meridian-foundation-2015.1.0-1

meridian-foundation-2015.1.1-1

meridian-foundation-2015.1.10-1

meridian-foundation-2015.1.2-1

meridian-foundation-2015.1.3-1

meridian-foundation-2015.1.4-1

meridian-foundation-2015.1.5-1

meridian-foundation-2015.1.6-1

meridian-foundation-2015.1.7-1

meridian-foundation-2016.*

meridian-foundation-2016.1.1-1

meridian-foundation-2016.1.10-1

meridian-foundation-2016.1.15-1

meridian-foundation-2016.1.2-1

meridian-foundation-2016.1.3-1

meridian-foundation-2016.1.4-1

meridian-foundation-2016.1.5-1

meridian-foundation-2016.1.6-1

meridian-foundation-2016.1.7-1

meridian-foundation-2016.1.9-1

meridian-foundation-2017.*

meridian-foundation-2017.1.0-1

meridian-foundation-2017.1.10-1

meridian-foundation-2017.1.2-1

meridian-foundation-2017.1.3-1

meridian-foundation-2017.1.4-1

meridian-foundation-2017.1.5-1

opennms-1.*

opennms-1.10.0-1

opennms-1.10.1-1

opennms-1.10.10-1

opennms-1.10.11-1

opennms-1.10.12-1

opennms-1.10.13-1

opennms-1.10.14-1

opennms-1.10.2-1

opennms-1.10.3-1

opennms-1.10.4-1

opennms-1.10.5-1

opennms-1.10.6-1

opennms-1.10.7-1

opennms-1.10.8-1

opennms-1.10.9-1

opennms-1.11.0-1

opennms-1.11.1-1

opennms-1.11.3-1

opennms-1.11.90-1

opennms-1.11.91-1

opennms-1.11.92-1

opennms-1.11.93-1

opennms-1.11.94-1

opennms-1.12.0-1

opennms-1.12.1-1

opennms-1.12.2-1

opennms-1.12.3-1

opennms-1.12.4-1

opennms-1.12.5-1

opennms-1.12.6-1

opennms-1.12.7-1

opennms-1.12.8-1

opennms-1.12.9-1

opennms-1.13.0-1

opennms-1.13.1-1

opennms-1.13.2-1

opennms-1.13.3-1

opennms-1.13.4-1

opennms-1.7.9

opennms-1.9.0-1

opennms-1.9.3-2

opennms-1.9.4-1

opennms-1.9.5-1

opennms-1.9.6-1

opennms-1.9.7-1

opennms-1.9.8-1

opennms-1.9.90-1

opennms-1.9.91-1

opennms-1.9.92-1

opennms-1.9.93-1

opennms-14.*

opennms-14.0.0-1

opennms-14.0.1-1

opennms-14.0.2-1

opennms-14.0.3-1

opennms-14.0.3-2

opennms-15.*

opennms-15.0.0-1

opennms-15.0.1-1

opennms-15.0.2-1

opennms-16.*

opennms-16.0.0-1

opennms-16.0.1-1

opennms-16.0.2-1

opennms-16.0.3-1

opennms-16.0.4-1

opennms-17.*

opennms-17.0.0-1

opennms-17.1.0-1

opennms-17.1.1-1

opennms-17.1.1-2

opennms-17.1.1-3

opennms-18.*

opennms-18.0.0-1

opennms-18.0.1-1

opennms-18.0.2-1

opennms-18.0.3-1

opennms-18.0.4-1

opennms-19.*

opennms-19.0.0-1

opennms-19.0.1-1

opennms-19.1.0-1

opennms-20.*

opennms-20.0.0-1

opennms-20.0.1-1

opennms-20.0.2-1

opennms-20.1.0-1

opennms-21.*

opennms-21.0.0-1

opennms-21.0.1-1

opennms-21.0.2-1

opennms-21.0.3-1

opennms-21.0.4-1

opennms-21.0.5-1

opennms-21.1.0-1

opennms-22.*

opennms-22.0.0-1

opennms-22.0.1-1

opennms-22.0.2-1

opennms-22.0.3-1

opennms-22.0.4-1

opennms-23.*

opennms-23.0.0-1

opennms-23.0.1-1

opennms-23.0.2-1

opennms-23.0.3-1

opennms-23.0.4-1

opennms-24.*

opennms-24.0.0-1

opennms-24.1.0-1

opennms-24.1.1-1

opennms-24.1.2-1

opennms-24.1.3-1

opennms-25.*

opennms-25.0.0-1

opennms-25.1.0-1

opennms-25.1.1-1

opennms-25.1.2-1

opennms-25.2.0-1

space-integration-12.*

space-integration-12.2-code-freeze

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11886.json"

vanir_signatures

[
    {
        "deprecated": false,
        "id": "CVE-2020-11886-7ba910b2",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "199311011637419260932170840270564976696",
                "288836938368943419283143853669871973966",
                "135718932720050354838971280479342424524",
                "268173271453285545032913211756943992644"
            ]
        },
        "source": "https://github.com/opennms/opennms/commit/f96e10ca2c7b3234ee4bfcdc21c6b3fb053673b1",
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "opennms-full-assembly/src/test/java/org/opennms/assemblies/karaf/OnmsKarafTestCase.java"
        }
    },
    {
        "deprecated": false,
        "id": "CVE-2020-11886-fc81494f",
        "digest": {
            "length": 185.0,
            "function_hash": "169990158326267771928730985730669797968"
        },
        "source": "https://github.com/opennms/opennms/commit/f96e10ca2c7b3234ee4bfcdc21c6b3fb053673b1",
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "opennms-full-assembly/src/test/java/org/opennms/assemblies/karaf/OnmsKarafTestCase.java",
            "function": "getFrameworkUrl"
        }
    }
]