漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Form Can Be Manipulated with Cross-Site Request Forgery (CSRF)
Vulnerability Description
A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. This can potentially allow an attacker to gain access to confidential information and compromise integrity. The solution is to upgrade to Meridian 2023.1.1 or Horizon 31.0.6 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Opennms Group OpenNMS 跨站请求伪造漏洞
Vulnerability Description
Opennms Group OpenNMS是美国Opennms Group公司的一套开源的企业级网络监视和网络管理平台。 OpenNMS Meridian、 Horizon存在跨站请求伪造漏洞,攻击者利用该漏洞可以访问机密信息并破坏完整性,以下产品和版本受到影响:Meridian 2023.1.1 之前版本、 Horizon 31.0.6之前版本。
CVSS Information
N/A
Vulnerability Type
N/A