CVE-2020-1652
CVE-2020-1652 is a medium-severity vulnerability in Opennms with a CVSS 3.x base score of 5.6. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-213.
Key facts
- Severity: Medium (CVSS 3.x base score 5.6)
- CVSS v2: 7.5
- EPSS exploit prediction: 1% (50th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-213
- Affected product: Opennms
- Published:
- Last modified:
Description
OpenNMS is accessible via port 9443
Frequently asked questions
- What is CVE-2020-1652?
- OpenNMS is accessible via port 9443
- How severe is CVE-2020-1652?
- CVE-2020-1652 has a CVSS 3.x base score of 5.6, rated medium severity. It is exploitable over network with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is low, integrity low, and availability low.
- Is CVE-2020-1652 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (50th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2020-1652?
- CVE-2020-1652 affects Opennms. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2020-1652?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2020-1652 published?
- CVE-2020-1652 was published on 2020-07-17 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:opennms:opennms:-:*:*:*:*:*:*:*
More vulnerabilities in Opennms
- CVE-2015-7856 — Critical (CVSS 10.0): OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access…
- CVE-2016-6556 — High (CVSS 7.1): OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent…
- CVE-2016-6555 — High (CVSS 7.1): OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap…
- CVE-2021-25932 — Medium (CVSS 5.4): In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions…
- CVE-2014-3960 — Medium (CVSS 4.3): Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary…
- CVE-2008-6095 — Medium (CVSS 4.3): Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject…
Other CWE-213 vulnerabilities
- CVE-2023-6517 — High (CVSS 7.5): Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. MİA-MED allows…
- CVE-2022-30350 — High (CVSS 7.5): Avanquest Software RAD PDF (PDFEscape Online) 3.19.2.2 is vulnerable to Information Leak / Disclosure. The PDFEscape…
- CVE-2023-3441 — Medium (CVSS 6.6): An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not…
- CVE-2026-6280 — Medium (CVSS 6.5): Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and…
- CVE-2025-54831 — Medium (CVSS 6.5): Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to…
- CVE-2024-7267 — Medium (CVSS 6.5): Exposure of Sensitive Information vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut…