153 matches found
CVE-2025-28059
An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke...
CVE-2025-28059
An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke...
CVE-2025-28059
An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke...
CVE-2025-28059
An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke...
CVE-2025-28059
CVE-2025-28059 affects Nagios Network Analyzer 2024R1.0.3. Root cause: improper session invalidation and stale token handling after user deletion, causing active sessions and API tokens to remain valid and grant access to restricted functions. Impact: unauthorized access to system resources. Expl...
CVE-2025-28059
An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke...
PT-2025-17319
Name of the Vulnerable Software and Affected Versions: Nagios Network Analyzer version 2024R1.0.3 Description: The issue arises from improper session invalidation and stale token handling, allowing deleted users to retain access to system resources. When a user account is deleted by an...
Nagios Network Analyzer 安全漏洞
Nagios Network Analyzer is an enterprise solution for monitoring and analyzing network traffic from Nagios, Inc. A security vulnerability exists in Nagios Network Analyzer version 2024R1.0.3, which stems from session failure and improper token handling, and could lead to unauthorized access to...
Wireshark Analyzer 4.4.6
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. Thi...
CVE-2025-28131
A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enablin...
CVE-2025-28131
A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enablin...
CVE-2025-28131
A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enablin...
CVE-2025-28132
A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows an attacker to reuse session tokens even after a user logs out, leading to unauthorized access and account takeover. This occurs due to insufficient session expiration, where session tokens remain valid beyond logout, allowing...
CVE-2025-28132
A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows an attacker to reuse session tokens even after a user logs out, leading to unauthorized access and account takeover. This occurs due to insufficient session expiration, where session tokens remain valid beyond logout, allowing...
PT-2025-14370 · Nagios · Nagios Network Analyzer
Name of the Vulnerable Software and Affected Versions: Nagios Network Analyzer version 2024R1.0.3 Description: A Broken Access Control issue allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. Th...
CVE-2025-28132
Nagios Network Analyzer 2024R1.0.3 is affected by a session management flaw where session tokens remain valid after user logout, enabling reuse and impersonation with unauthorized access and potential account takeover. Root cause: insufficient session expiration/invalidated tokens after logout. I...
CVE-2025-28131
A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enablin...
Nagios Network Analyzer 授权问题漏洞
Nagios Network Analyzer is an enterprise solution for monitoring and analyzing network traffic from Nagios, Inc. An authorization issue vulnerability exists in Nagios Network Analyzer version 2024R1.0.3, which stems from improper access control that allows a low-privileged user to perform...
CVE-2025-28131
CVE-2025-28131 concerns a Broken Access Control in Nagios Network Analyzer 2024R1.0.3. Multiple sources describe that low-privilege users with Read-Only access can perform administrative actions (e.g., stopping system services and deleting critical resources) due to improper authorization enforce...
CVE-2025-28131
A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enablin...