Vulnerabilities > Nagios

DATE	CVE	VULNERABILITY TITLE	RISK
2019-07-10	CVE-2018-17147	Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.5.4 has XSS in the auto login admin management page. network low complexity nagios CWE-79	4.8
2019-06-19	CVE-2018-17148	Improper Access Control vulnerability in Nagios XI An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials. network low complexity nagios CWE-284 critical	9.8
2019-06-19	CVE-2018-17146	Cross-site Scripting vulnerability in Nagios XI A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. network low complexity nagios CWE-79	5.4
2019-05-22	CVE-2019-12279	SQL Injection vulnerability in Nagios XI 5.6.1 Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). network low complexity nagios CWE-89 critical	9.8
2019-03-28	CVE-2019-9167	Cross-site Scripting vulnerability in Nagios XI Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter. network low complexity nagios CWE-79	6.1
2019-03-28	CVE-2019-9166	Incorrect Permission Assignment for Critical Resource vulnerability in Nagios XI Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php. local low complexity nagios CWE-732	7.8
2019-03-28	CVE-2019-9204	SQL Injection vulnerability in Nagios Incident Manager 2.0.0/2.0.1 SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands. network low complexity nagios CWE-89 critical	9.8
2019-03-28	CVE-2019-9203	Unspecified vulnerability in Nagios Incident Manager 2.0.0/2.0.1 Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API. network low complexity nagios critical	9.8
2019-03-28	CVE-2019-9202	Unspecified vulnerability in Nagios Incident Manager 2.0.0/2.0.1 Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues. network low complexity nagios	8.8
2019-03-28	CVE-2019-9165	SQL Injection vulnerability in Nagios XI SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. network low complexity nagios CWE-89 critical	9.8

Vulnerabilities > Nagios {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Nagios"}]}

Vulnerabilities > Nagios