Nagios Xi@5.5.6 Security Vulnerabilities and Issues — Nagios Xi@5.5.6 CVE List

Lucene search

NagiosNagios Xi5.5.6

7 matches found

CVE•added 2018/11/14 6:29 p.m.•169 views

CVE-2018-15708

Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.

9.8CVSS9.5AI score0.92041EPSS

CVE•added 2018/11/14 6:29 p.m.•143 views

CVE-2018-15710

Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.

7.8CVSS8.3AI score0.78984EPSS

CVE•added 2018/11/14 6:29 p.m.•45 views

CVE-2018-15712

Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php.

6.1CVSS6.4AI score0.11737EPSS

CVE•added 2018/11/14 6:29 p.m.•45 views

CVE-2018-15714

Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters.

6.1CVSS6.8AI score0.21371EPSS

CVE•added 2018/11/14 6:29 p.m.•44 views

CVE-2018-15711

Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges.

8.8CVSS8.4AI score0.31734EPSS

CVE•added 2018/11/14 6:29 p.m.•43 views

CVE-2018-15713

Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.

5.4CVSS5.9AI score0.03705EPSS

CVE•added 2018/11/14 6:29 p.m.•41 views

CVE-2018-15709

Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request.

8.8CVSS8.6AI score0.11157EPSS