An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. The ActiveMQ channel configuration allowed for arbitrary deserialization of Java objects (aka ActiveMQ Minion payload deserialization), leading to remote code execution for any authenticated channel user regardless of its assigned permissions.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-05-11T15:54:33
Updated: 2024-08-04T12:04:22.909Z
Reserved: 2020-05-09T00:00:00
Link: CVE-2020-12760
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-05-11T16:15:13.147
Modified: 2024-11-21T05:00:13.653
Link: CVE-2020-12760
Redhat
No data.