Vulnerabilities > Nagios > Nagios XI > 5.7.3

DATE CVE VULNERABILITY TITLE RISK
2020-11-16 CVE-2020-28648 Improper Input Validation vulnerability in Nagios XI
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.
network
low complexity
nagios CWE-20
8.8
8.8
2020-10-20 CVE-2020-5792 Argument Injection or Modification vulnerability in Nagios XI 5.7.3
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.
network
low complexity
nagios CWE-88
7.2
7.2
2020-10-20 CVE-2020-5791 OS Command Injection vulnerability in Nagios XI
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
network
low complexity
nagios CWE-78
7.2
7.2
2020-10-20 CVE-2020-5790 Cross-Site Request Forgery (CSRF) vulnerability in Nagios XI 5.7.3
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
network
low complexity
nagios CWE-352
6.5
6.5