CVE-2018-17148

2019-06-1917:23:25

mitre

www.cve.org

9.6 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.6%

JSON

An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials.

References

assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT