Vulnerabilities > Nagios > Nagios XI > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-16 | CVE-2020-28648 | Improper Input Validation vulnerability in Nagios XI Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code. | 8.8 |
| 2020-11-13 | CVE-2020-5796 | Improper Preservation of Permissions vulnerability in Nagios XI 5.7.4 Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges. | 7.8 |
| 2020-10-20 | CVE-2020-5792 | Argument Injection or Modification vulnerability in Nagios XI 5.7.3 Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user. | 7.2 |
| 2020-10-20 | CVE-2020-5791 | OS Command Injection vulnerability in Nagios XI Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user. | 7.2 |
| 2020-07-22 | CVE-2020-15901 | Unspecified vulnerability in Nagios XI In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys. | 8.8 |
| 2019-12-31 | CVE-2019-20197 | OS Command Injection vulnerability in Nagios XI 5.6.9 In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account. | 8.8 |
| 2019-09-05 | CVE-2019-15949 | OS Command Injection vulnerability in Nagios XI Nagios XI before 5.6.6 allows remote command execution as root. | 8.8 |
| 2019-03-28 | CVE-2019-9166 | Incorrect Permission Assignment for Critical Resource vulnerability in Nagios XI Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php. | 7.8 |
| 2019-03-28 | CVE-2019-9164 | Cross-site Scripting vulnerability in Nagios XI Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job. | 8.8 |
| 2018-11-14 | CVE-2018-15711 | OS Command Injection vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. | 8.8 |