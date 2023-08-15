Overview

The Black Duck Cybersecurity Research Center (CyRC) has discovered CVE-2023-0871, an XML external entity injection vulnerability, in OpenNMS Horizon.

OpenNMS is a Java language open source network monitoring platform. The OpenNMS platform monitors some of the largest networks in the Fortune 500, covering the healthcare, technology, energy, finance, government, education, retail, and industrial sectors, many with tens of thousands of networked devices.

OpenNMS comes in two open source distributions: Horizon (community release) and Meridian (enterprise release) with the AGPLv3 license. Additional components enhance the platform with distributed network monitoring (Minion), scalability (Sentinel), and scalable data persistence (Newts).