Lucene search
+L

153 matches found

RedhatCVE
RedhatCVE
added 2025/04/26 5:16 a.m.9 views

CVE-2025-28059

An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke...

7.5CVSS6.8AI score0.0073EPSS
Exploits0References1
NVD
NVD
added 2025/04/18 5:15 p.m.17 views

CVE-2025-28059

An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke...

7.5CVSS0.0073EPSS
Exploits0References2
OSV
OSV
added 2025/04/18 5:15 p.m.6 views

CVE-2025-28059

An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke...

7.5CVSS5.8AI score0.0073EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/18 12:0 a.m.6 views

CVE-2025-28059

An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke...

7AI score0.0073EPSS
Exploits0References2
CVE
CVE
added 2025/04/18 12:0 a.m.65 views

CVE-2025-28059

CVE-2025-28059 affects Nagios Network Analyzer 2024R1.0.3. Root cause: improper session invalidation and stale token handling after user deletion, causing active sessions and API tokens to remain valid and grant access to restricted functions. Impact: unauthorized access to system resources. Expl...

7.5CVSS6.8AI score0.0073EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/04/18 12:0 a.m.19 views

CVE-2025-28059

An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke...

0.0073EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/18 12:0 a.m.9 views

PT-2025-17319

Name of the Vulnerable Software and Affected Versions: Nagios Network Analyzer version 2024R1.0.3 Description: The issue arises from improper session invalidation and stale token handling, allowing deleted users to retain access to system resources. When a user account is deleted by an...

7.5CVSS6.3AI score0.0073EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/04/18 12:0 a.m.5 views

Nagios Network Analyzer 安全漏洞

Nagios Network Analyzer is an enterprise solution for monitoring and analyzing network traffic from Nagios, Inc. A security vulnerability exists in Nagios Network Analyzer version 2024R1.0.3, which stems from session failure and improper token handling, and could lead to unauthorized access to...

7.5CVSS6.7AI score0.0073EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/04/17 12:0 a.m.5 views

Wireshark Analyzer 4.4.6

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. Thi...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/03 12:25 a.m.13 views

CVE-2025-28131

A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enablin...

4.6CVSS7.1AI score0.00383EPSS
Exploits0References1
OSV
OSV
added 2025/04/01 5:15 p.m.5 views

CVE-2025-28131

A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enablin...

4.6CVSS5.8AI score0.00383EPSS
Exploits0References2
NVD
NVD
added 2025/04/01 5:15 p.m.23 views

CVE-2025-28131

A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enablin...

4.6CVSS0.00383EPSS
Exploits0References2
OSV
OSV
added 2025/04/01 5:15 p.m.8 views

CVE-2025-28132

A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows an attacker to reuse session tokens even after a user logs out, leading to unauthorized access and account takeover. This occurs due to insufficient session expiration, where session tokens remain valid beyond logout, allowing...

4.6CVSS5.8AI score0.00367EPSS
Exploits0References2
NVD
NVD
added 2025/04/01 5:15 p.m.16 views

CVE-2025-28132

A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows an attacker to reuse session tokens even after a user logs out, leading to unauthorized access and account takeover. This occurs due to insufficient session expiration, where session tokens remain valid beyond logout, allowing...

4.6CVSS0.00367EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.5 views

PT-2025-14370 · Nagios · Nagios Network Analyzer

Name of the Vulnerable Software and Affected Versions: Nagios Network Analyzer version 2024R1.0.3 Description: A Broken Access Control issue allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. Th...

4.6CVSS6.3AI score0.00383EPSS
Exploits0References9
CVE
CVE
added 2025/04/01 12:0 a.m.68 views

CVE-2025-28132

Nagios Network Analyzer 2024R1.0.3 is affected by a session management flaw where session tokens remain valid after user logout, enabling reuse and impersonation with unauthorized access and potential account takeover. Root cause: insufficient session expiration/invalidated tokens after logout. I...

4.6CVSS7AI score0.00367EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/01 12:0 a.m.5 views

CVE-2025-28131

A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enablin...

7AI score0.00383EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.6 views

Nagios Network Analyzer 授权问题漏洞

Nagios Network Analyzer is an enterprise solution for monitoring and analyzing network traffic from Nagios, Inc. An authorization issue vulnerability exists in Nagios Network Analyzer version 2024R1.0.3, which stems from improper access control that allows a low-privileged user to perform...

4.6CVSS6.7AI score0.00383EPSS
Exploits0References4
CVE
CVE
added 2025/04/01 12:0 a.m.65 views

CVE-2025-28131

CVE-2025-28131 concerns a Broken Access Control in Nagios Network Analyzer 2024R1.0.3. Multiple sources describe that low-privilege users with Read-Only access can perform administrative actions (e.g., stopping system services and deleting critical resources) due to improper authorization enforce...

4.6CVSS7AI score0.00383EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/04/01 12:0 a.m.16 views

CVE-2025-28131

A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enablin...

0.00383EPSS
Exploits0References2
Rows per page
Query Builder