Vulnerabilities > CVE-2019-9202 - Unspecified vulnerability in Nagios Incident Manager 2.0.0/2.0.1

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
nagios
NVD
Published: 2019-03-28
Updated: 2022-10-06

Summary

Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues.

Vulnerable Configurations

Part Description Count
Application
Nagios
2

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/152496/nagioxi5510-xssexec.txt
idPACKETSTORM:152496
last seen2019-04-15
published2019-04-12
reporterAbdel Adim Oisfi
sourcehttps://packetstormsecurity.com/files/152496/Nagios-XI-5.5.10-XSS-Remote-Code-Execution.html
titleNagios XI 5.5.10 XSS / Remote Code Execution

References