Nagios Xi Security Vulnerabilities and Issues — Nagios Xi CVE List

Lucene search

NagiosNagios Xi

6 matches found

CVE•added 2018/04/18 12:29 a.m.•80 views

CVE-2018-8736

A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root.

9CVSS8.6AI score0.67977EPSS

CVE•added 2018/04/18 12:29 a.m.•77 views

CVE-2018-8735

Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection.

9CVSS9.1AI score0.76531EPSS

CVE•added 2018/04/18 12:29 a.m.•71 views

CVE-2018-8733

Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability.

9.8CVSS9.4AI score0.79722EPSS

CVE•added 2018/04/18 12:29 a.m.•69 views

CVE-2018-8734

SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.

9.8CVSS9.6AI score0.78955EPSS

CVE•added 2018/04/30 3:29 a.m.•44 views

CVE-2018-10553

An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings.

6.5CVSS6.2AI score0.03957EPSS

CVE•added 2018/04/30 3:29 a.m.•41 views

CVE-2018-10554

An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelp...

5.4CVSS5.5AI score0.02176EPSS