CVE-2023-0872: 
Java vulnerability analysis and mitigation

The vulnerability (CVE-2023-0872) affects the Horizon REST API users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 across multiple platforms. The vulnerability was discovered and reported by Erik Wynter, with the disclosure date being February 16, 2023 (CVE Mitre).

The vulnerability is related to elevation of privilege in the Horizon REST API users endpoint. The affected versions include OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2. The vulnerability exists within systems that are intended for installation within an organization's private networks and should not be directly accessible from the Internet (CVE Mitre).

The vulnerability allows for elevation of privilege attacks against affected systems. This could potentially allow attackers to gain unauthorized access to higher privilege levels within the system (CVE Mitre).

The recommended solution is to upgrade to one of the following versions: Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38, or Horizon 32.0.2 or newer. Organizations are also advised to ensure their OpenNMS installations are not directly accessible from the Internet (CVE Mitre).