Patch Now- OpenNMS Bug Steals Data, Triggers Denial of Service

According to researchers at Synopsys, Cisco, Savannah River Nuclear Solutions, and other companies in the critical infrastructure sectors of CISA trust the monitoring platform. The widely used open source network monitoring program, OpenNMS, has had a high severity vulnerability patched in both the community-supported and subscription-based versions.

Attackers have a technique to steal information from the OpenNMS file server system, make arbitrary HTTP requests to internal and external services, and cause denial-of-service conditions on impacted systems thanks to the XML external entity (XXE) injection vulnerability. The vulnerability was found by Synopsys researchers in June, and they alerted OpenNMS’s maintainers, who last week issued a patch.

Patch Now- OpenNMS Bug Steals Data, Triggers Denial of Service

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Patch Now- OpenNMS Bug Steals Data, Triggers Denial of Service

16-Aug-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address