{"id":"CVE-2021-3396","details":"OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts \u003c1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions.","aliases":["GHSA-c3mp-9vx3-2rvv"],"modified":"2026-04-10T04:34:37.101317Z","published":"2021-02-17T21:15:13.120Z","references":[{"type":"ADVISORY","url":"https://www.opennms.com"},{"type":"ADVISORY","url":"https://www.opennms.com/en/blog/2021-02-16-cve-2021-3396-full-security-disclosure/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opennms/newts","events":[{"introduced":"0"},{"fixed":"f4a2b513856185d3c0ddec2ac8ad22a99d7fc836"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.5.3"}]}},{"type":"GIT","repo":"https://github.com/opennms/opennms","events":[{"introduced":"7f286aea262cc50b0e4f6d7d5c4d3c5d4b5ed6f6"},{"last_affected":"0e30c0a18a0d03212073144167efae5749d205cf"},{"introduced":"0"},{"last_affected":"56435804491c494aee6294ec060ee2aa326ac524"},{"introduced":"f35a4f1438cd231e97dd09f3b2a431ef4065b503"},{"last_affected":"8431e3820d820d895ca0cee4b36b7957284955e0"},{"introduced":"730cebdc0beb5f5298ca636cc573941dfbddb746"},{"fixed":"ae5b2f62da238d3f1203f200c3e0880b6cee1986"},{"introduced":"e14c73ca4f92ac0ae66c3c23232184a2d10fbb49"},{"fixed":"84036443d5b7773339f8abf0f4bc3c26b0d24811"},{"introduced":"0d3624eadab83197935d675b014fa7d8190e0258"},{"fixed":"4e53cb5a7eb2c66c4e36a5fe9e8c4605a593259b"}],"database_specific":{"versions":[{"introduced":"16.0.0"},{"last_affected":"27.0.3"},{"introduced":"2016.1.0"},{"last_affected":"2016.1.24"},{"introduced":"2017.1.0"},{"last_affected":"2017.1.26"},{"introduced":"2018.1.0"},{"fixed":"2018.1.25"},{"introduced":"2019.1.0"},{"fixed":"2019.1.16"},{"introduced":"2020.1.0"},{"fixed":"2020.1.5"}]}}],"versions":["1.0.0","1.1.0","1.2.0","1.3.0","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.4.0","1.4.1","1.4.2","1.4.3","1.5.0","1.5.1","1.5.2","meridian-foundation-2016.1.11-1","meridian-foundation-2016.1.12-1","meridian-foundation-2016.1.13-1","meridian-foundation-2016.1.14-1","meridian-foundation-2016.1.16-1","meridian-foundation-2016.1.17-1","meridian-foundation-2016.1.18-1","meridian-foundation-2016.1.19-1","meridian-foundation-2016.1.20-1","meridian-foundation-2016.1.21-1","meridian-foundation-2016.1.22-1","meridian-foundation-2016.1.23-1","meridian-foundation-2016.1.24-1","meridian-foundation-2016.1.8-1","meridian-foundation-2017.1.1-1","meridian-foundation-2017.1.11-1","meridian-foundation-2017.1.12-1","meridian-foundation-2017.1.13-1","meridian-foundation-2017.1.14-1","meridian-foundation-2017.1.15-1","meridian-foundation-2017.1.16-1","meridian-foundation-2017.1.17-1","meridian-foundation-2017.1.18-1","meridian-foundation-2017.1.19-1","meridian-foundation-2017.1.20-1","meridian-foundation-2017.1.21-1","meridian-foundation-2017.1.22-1","meridian-foundation-2017.1.23-1","meridian-foundation-2017.1.24-1","meridian-foundation-2017.1.25-1","meridian-foundation-2017.1.26-1","meridian-foundation-2017.1.6-1","meridian-foundation-2017.1.7-1","meridian-foundation-2017.1.8-1","meridian-foundation-2017.1.9-1","meridian-foundation-2018.1.0-1","meridian-foundation-2018.1.1-1","meridian-foundation-2018.1.10-1","meridian-foundation-2018.1.11-1","meridian-foundation-2018.1.12-1","meridian-foundation-2018.1.13-1","meridian-foundation-2018.1.14-1","meridian-foundation-2018.1.15-1","meridian-foundation-2018.1.16-1","meridian-foundation-2018.1.17-1","meridian-foundation-2018.1.18-1","meridian-foundation-2018.1.19-1","meridian-foundation-2018.1.2-1","meridian-foundation-2018.1.20-1","meridian-foundation-2018.1.21-1","meridian-foundation-2018.1.22-1","meridian-foundation-2018.1.23-1","meridian-foundation-2018.1.24-1","meridian-foundation-2018.1.3-1","meridian-foundation-2018.1.4-1","meridian-foundation-2018.1.5-1","meridian-foundation-2018.1.6-1","meridian-foundation-2018.1.7-1","meridian-foundation-2018.1.8-1","meridian-foundation-2018.1.9-1","meridian-foundation-2019.1.0-1","meridian-foundation-2019.1.1-1","meridian-foundation-2019.1.10-1","meridian-foundation-2019.1.11-1","meridian-foundation-2019.1.12-1","meridian-foundation-2019.1.13-1","meridian-foundation-2019.1.14-1","meridian-foundation-2019.1.15-1","meridian-foundation-2019.1.2-1","meridian-foundation-2019.1.3-1","meridian-foundation-2019.1.4-1","meridian-foundation-2019.1.5-1","meridian-foundation-2019.1.6-1","meridian-foundation-2019.1.7-1","meridian-foundation-2019.1.8-1","meridian-foundation-2020.1.0-1","meridian-foundation-2020.1.1-1","meridian-foundation-2020.1.2-1","meridian-foundation-2020.1.3-1","meridian-foundation-2020.1.4-1","opennms-1.11.1-1","opennms-1.11.3-1","opennms-1.13.2-1","opennms-1.9.0-1","opennms-1.9.4-1","opennms-1.9.93-1","opennms-17.0.0-1","opennms-20.0.0-1","opennms-27.0.1-1","opennms-27.0.2-1","opennms-27.0.3-1","space-integration-12.2-code-freeze"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3396.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}