CVE-2021-3396
- Source
- https://cve.org/CVERecord?id=CVE-2021-3396
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3396.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-3396
- Aliases
- Published
- 2021-02-17T21:15:13.120Z
- Modified
- 2026-04-10T04:34:37.101317Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts <1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions.
- References
Affected packages
Git / github.com/opennms/newts
Affected ranges
- Type
- GIT
- Repo
- https://github.com/opennms/newts
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "1.5.3" } ] }
- Type
- GIT
- Repo
- https://github.com/opennms/opennms
- Events
-
IntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedLast affectedIntroducedFixedIntroducedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "16.0.0" }, { "last_affected": "27.0.3" }, { "introduced": "2016.1.0" }, { "last_affected": "2016.1.24" }, { "introduced": "2017.1.0" }, { "last_affected": "2017.1.26" }, { "introduced": "2018.1.0" }, { "fixed": "2018.1.25" }, { "introduced": "2019.1.0" }, { "fixed": "2019.1.16" }, { "introduced": "2020.1.0" }, { "fixed": "2020.1.5" } ] }
Affected versions
1.*
1.0.0
1.1.0
1.2.0
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.4.0
1.4.1
1.4.2
1.4.3
1.5.0
1.5.1
1.5.2
meridian-foundation-2016.*
meridian-foundation-2016.1.11-1
meridian-foundation-2016.1.12-1
meridian-foundation-2016.1.13-1
meridian-foundation-2016.1.14-1
meridian-foundation-2016.1.16-1
meridian-foundation-2016.1.17-1
meridian-foundation-2016.1.18-1
meridian-foundation-2016.1.19-1
meridian-foundation-2016.1.20-1
meridian-foundation-2016.1.21-1
meridian-foundation-2016.1.22-1
meridian-foundation-2016.1.23-1
meridian-foundation-2016.1.24-1
meridian-foundation-2016.1.8-1
meridian-foundation-2017.*
meridian-foundation-2017.1.1-1
meridian-foundation-2017.1.11-1
meridian-foundation-2017.1.12-1
meridian-foundation-2017.1.13-1
meridian-foundation-2017.1.14-1
meridian-foundation-2017.1.15-1
meridian-foundation-2017.1.16-1
meridian-foundation-2017.1.17-1
meridian-foundation-2017.1.18-1
meridian-foundation-2017.1.19-1
meridian-foundation-2017.1.20-1
meridian-foundation-2017.1.21-1
meridian-foundation-2017.1.22-1
meridian-foundation-2017.1.23-1
meridian-foundation-2017.1.24-1
meridian-foundation-2017.1.25-1
meridian-foundation-2017.1.26-1
meridian-foundation-2017.1.6-1
meridian-foundation-2017.1.7-1
meridian-foundation-2017.1.8-1
meridian-foundation-2017.1.9-1
meridian-foundation-2018.*
meridian-foundation-2018.1.0-1
meridian-foundation-2018.1.1-1
meridian-foundation-2018.1.10-1
meridian-foundation-2018.1.11-1
meridian-foundation-2018.1.12-1
meridian-foundation-2018.1.13-1
meridian-foundation-2018.1.14-1
meridian-foundation-2018.1.15-1
meridian-foundation-2018.1.16-1
meridian-foundation-2018.1.17-1
meridian-foundation-2018.1.18-1
meridian-foundation-2018.1.19-1
meridian-foundation-2018.1.2-1
meridian-foundation-2018.1.20-1
meridian-foundation-2018.1.21-1
meridian-foundation-2018.1.22-1
meridian-foundation-2018.1.23-1
meridian-foundation-2018.1.24-1
meridian-foundation-2018.1.3-1
meridian-foundation-2018.1.4-1
meridian-foundation-2018.1.5-1
meridian-foundation-2018.1.6-1
meridian-foundation-2018.1.7-1
meridian-foundation-2018.1.8-1
meridian-foundation-2018.1.9-1
meridian-foundation-2019.*
meridian-foundation-2019.1.0-1
meridian-foundation-2019.1.1-1
meridian-foundation-2019.1.10-1
meridian-foundation-2019.1.11-1
meridian-foundation-2019.1.12-1
meridian-foundation-2019.1.13-1
meridian-foundation-2019.1.14-1
meridian-foundation-2019.1.15-1
meridian-foundation-2019.1.2-1
meridian-foundation-2019.1.3-1
meridian-foundation-2019.1.4-1
meridian-foundation-2019.1.5-1
meridian-foundation-2019.1.6-1
meridian-foundation-2019.1.7-1
meridian-foundation-2019.1.8-1
meridian-foundation-2020.*
meridian-foundation-2020.1.0-1
meridian-foundation-2020.1.1-1
meridian-foundation-2020.1.2-1
meridian-foundation-2020.1.3-1
meridian-foundation-2020.1.4-1
opennms-1.*
opennms-1.11.1-1
opennms-1.11.3-1
opennms-1.13.2-1
opennms-1.9.0-1
opennms-1.9.4-1
opennms-1.9.93-1
opennms-17.*
opennms-17.0.0-1
opennms-20.*
opennms-20.0.0-1
opennms-27.*
opennms-27.0.1-1
opennms-27.0.2-1
opennms-27.0.3-1
space-integration-12.*
space-integration-12.2-code-freeze