Vulnerabilities > CVE-2021-37223 - Server-Side Request Forgery (SSRF) vulnerability in Nagios XI

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
nagios
CWE-918
NVD
Published: 2021-10-05
Updated: 2021-10-12

Summary

Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files.

Vulnerable Configurations

Part Description Count
Application
Nagios
13

Common Weakness Enumeration (CWE)

References