| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.opennms:opennms | maven | >= 16.0.0, <= 27.0.3 | 27.0.4 |
| org.opennms.features:org.opennms.features.measurements | maven | >= 16.0.0, <= 27.0.3 | 27.0.4 |
| org.opennms:opennms-provision | maven | >= 16.0.0, <= 27.0.3 | 27.0.4 |
| org.opennms:opennms-util | maven | >= 16.0.0, <= 27.0.3 | 27.0.4 |

The vulnerability stems from JEXL expression evaluation in multiple components without proper access control. Based on the OpenNMS security disclosure, which lists the affected components (Measurements API, Provisiond, Thresholding, Newts), we identify the core JEXL evaluation entry points in each component. Because these functions evaluate expressions directly, they would appear in runtime profiles when malicious expressions are processed. The confidence levels reflect component-specific mentions in the advisory and typical JEXL integration patterns in the OpenNMS architecture.