7 matches found
CVE-2025-28059
CVE-2025-28059 affects Nagios Network Analyzer 2024R1.0.3. Root cause: improper session invalidation and stale token handling after user deletion, causing active sessions and API tokens to remain valid and grant access to restricted functions. Impact: unauthorized access to system resources. Expl...
CVE-2025-28131
CVE-2025-28131 concerns a Broken Access Control in Nagios Network Analyzer 2024R1.0.3. Multiple sources describe that low-privilege users with Read-Only access can perform administrative actions (e.g., stopping system services and deleting critical resources) due to improper authorization enforce...
CVE-2021-28924
CVE-2021-28924 affects Nagios Network Analyzer prior to 2.4.2. The issue is a Self Authenticated XSS in the nagiosna/groups/queries page. The vulnerability is a client-side scripting flaw that can be triggered by an authenticated user interacting with the affected page, potentially leading to arb...
CVE-2021-28925
Nagios Network Analyzer prior to version 2.4.3 contains a SQL injection vulnerability in the o[col] parameter of api/checks/read/. The issue is due to improper input handling that allows arbitrary SQL execution, potentially enabling an attacker to read and modify database data. Multiple sources c...
CVE-2025-34280
The CVE-2025-34280 affects Nagios Network Analyzer versions prior to 2024R2.0.1. The LDAP certificate management feature fails to sanitize inputs, enabling an authenticated administrator to trigger remote code execution on the host within the web application service privileges. Impact is remote c...
CVE-2025-34278
CVE-2025-34278 affects Nagios Network Analyzer (versions prior to 2024R1). The issue is a stored XSS in the Source Groups page (percentile calculator menu) where an attacker-supplied payload is stored and later rendered in other users’ browsers, executing in the victim’s context. The redhat/europ...
CVE-2023-7319
Nagios Network Analyzer versions prior to 2024R1 are affected by a cross-site scripting (XSS) vulnerability in the Percentile Calculator menu. The root cause is insufficient validation or escaping of user-supplied input, which can allow an attacker to inject and execute arbitrary script in a vict...