All the vulnerabilites related to Nagios - Nagios XI
cve-2018-15708
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-09-17 01:55
Severity ?
EPSS score ?
Summary
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/46221/ | exploit, x_refsource_EXPLOIT-DB | |
| https://www.tenable.com/security/research/tra-2018-37 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/153433/Nagios-XI-Magpie_debug.php-Root-Remote-Code-Execution.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46221",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46221/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-37"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153433/Nagios-XI-Magpie_debug.php-Root-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nagios XI",
"vendor": "Nagios",
"versions": [
{
"status": "affected",
"version": "5.5.6"
}
]
}
],
"datePublic": "2018-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-26T01:06:05",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"name": "46221",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46221/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-37"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153433/Nagios-XI-Magpie_debug.php-Root-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-11-13T00:00:00",
"ID": "CVE-2018-15708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nagios XI",
"version": {
"version_data": [
{
"version_value": "5.5.6"
}
]
}
}
]
},
"vendor_name": "Nagios"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46221",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46221/"
},
{
"name": "https://www.tenable.com/security/research/tra-2018-37",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-37"
},
{
"name": "http://packetstormsecurity.com/files/153433/Nagios-XI-Magpie_debug.php-Root-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153433/Nagios-XI-Magpie_debug.php-Root-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-15708",
"datePublished": "2018-11-14T18:00:00Z",
"dateReserved": "2018-08-22T00:00:00",
"dateUpdated": "2024-09-17T01:55:50.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-15710
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-09-17 00:51
Severity ?
EPSS score ?
Summary
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/46221/ | exploit, x_refsource_EXPLOIT-DB | |
| https://www.tenable.com/security/research/tra-2018-37 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/153433/Nagios-XI-Magpie_debug.php-Root-Remote-Code-Execution.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46221",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46221/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-37"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153433/Nagios-XI-Magpie_debug.php-Root-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nagios XI",
"vendor": "Nagios",
"versions": [
{
"status": "affected",
"version": "5.5.6"
}
]
}
],
"datePublic": "2018-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-26T01:06:05",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"name": "46221",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46221/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-37"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153433/Nagios-XI-Magpie_debug.php-Root-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-11-13T00:00:00",
"ID": "CVE-2018-15710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nagios XI",
"version": {
"version_data": [
{
"version_value": "5.5.6"
}
]
}
}
]
},
"vendor_name": "Nagios"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46221",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46221/"
},
{
"name": "https://www.tenable.com/security/research/tra-2018-37",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-37"
},
{
"name": "http://packetstormsecurity.com/files/153433/Nagios-XI-Magpie_debug.php-Root-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153433/Nagios-XI-Magpie_debug.php-Root-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-15710",
"datePublished": "2018-11-14T18:00:00Z",
"dateReserved": "2018-08-22T00:00:00",
"dateUpdated": "2024-09-17T00:51:15.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-15712
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-09-16 19:09
Severity ?
EPSS score ?
Summary
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2018-37 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-37"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nagios XI",
"vendor": "Nagios",
"versions": [
{
"status": "affected",
"version": "5.5.6"
}
]
}
],
"datePublic": "2018-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-14T17:57:01",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-37"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-11-13T00:00:00",
"ID": "CVE-2018-15712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nagios XI",
"version": {
"version_data": [
{
"version_value": "5.5.6"
}
]
}
}
]
},
"vendor_name": "Nagios"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-37",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-37"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-15712",
"datePublished": "2018-11-14T18:00:00Z",
"dateReserved": "2018-08-22T00:00:00",
"dateUpdated": "2024-09-16T19:09:54.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-15711
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-09-17 01:37
Severity ?
EPSS score ?
Summary
Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2018-37 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-37"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nagios XI",
"vendor": "Nagios",
"versions": [
{
"status": "affected",
"version": "5.5.6"
}
]
}
],
"datePublic": "2018-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-14T17:57:01",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-37"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-11-13T00:00:00",
"ID": "CVE-2018-15711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nagios XI",
"version": {
"version_data": [
{
"version_value": "5.5.6"
}
]
}
}
]
},
"vendor_name": "Nagios"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-37",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-37"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-15711",
"datePublished": "2018-11-14T18:00:00Z",
"dateReserved": "2018-08-22T00:00:00",
"dateUpdated": "2024-09-17T01:37:03.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-15713
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-09-17 01:56
Severity ?
EPSS score ?
Summary
Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2018-37 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-37"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nagios XI",
"vendor": "Nagios",
"versions": [
{
"status": "affected",
"version": "5.5.6"
}
]
}
],
"datePublic": "2018-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-14T17:57:01",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-37"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-11-13T00:00:00",
"ID": "CVE-2018-15713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nagios XI",
"version": {
"version_data": [
{
"version_value": "5.5.6"
}
]
}
}
]
},
"vendor_name": "Nagios"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-37",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-37"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-15713",
"datePublished": "2018-11-14T18:00:00Z",
"dateReserved": "2018-08-22T00:00:00",
"dateUpdated": "2024-09-17T01:56:44.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33177
Vulnerability from cvelistv5
Published
2021-10-14 14:55
Modified
2024-08-03 23:42
Severity ?
EPSS score ?
Summary
The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary sql queries.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:20.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nagios XI",
"vendor": "Nagios",
"versions": [
{
"status": "affected",
"version": "\u003c5.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary sql queries."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-14T14:55:39",
"orgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"shortName": "SNPS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclosure@synopsys.com",
"ID": "CVE-2021-33177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nagios XI",
"version": {
"version_data": [
{
"version_value": "\u003c5.8.5"
}
]
}
}
]
},
"vendor_name": "Nagios"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary sql queries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi",
"refsource": "MISC",
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"assignerShortName": "SNPS",
"cveId": "CVE-2021-33177",
"datePublished": "2021-10-14T14:55:39",
"dateReserved": "2021-05-18T00:00:00",
"dateUpdated": "2024-08-03T23:42:20.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-15714
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-09-16 20:01
Severity ?
EPSS score ?
Summary
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2018-37 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-37"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nagios XI",
"vendor": "Nagios",
"versions": [
{
"status": "affected",
"version": "5.5.6"
}
]
}
],
"datePublic": "2018-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-14T17:57:01",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-37"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-11-13T00:00:00",
"ID": "CVE-2018-15714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nagios XI",
"version": {
"version_data": [
{
"version_value": "5.5.6"
}
]
}
}
]
},
"vendor_name": "Nagios"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-37",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-37"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-15714",
"datePublished": "2018-11-14T18:00:00Z",
"dateReserved": "2018-08-22T00:00:00",
"dateUpdated": "2024-09-16T20:01:50.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33179
Vulnerability from cvelistv5
Published
2021-10-14 14:57
Modified
2024-08-03 23:42
Severity ?
EPSS score ?
Summary
The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An authenticated victim, who accesses a specially crafted malicious URL, would unknowingly execute the attached payload.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:20.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nagios XI",
"vendor": "Nagios",
"versions": [
{
"status": "affected",
"version": "\u003c5.8.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An authenticated victim, who accesses a specially crafted malicious URL, would unknowingly execute the attached payload."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-14T14:57:17",
"orgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"shortName": "SNPS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclosure@synopsys.com",
"ID": "CVE-2021-33179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nagios XI",
"version": {
"version_data": [
{
"version_value": "\u003c5.8.4"
}
]
}
}
]
},
"vendor_name": "Nagios"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An authenticated victim, who accesses a specially crafted malicious URL, would unknowingly execute the attached payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi",
"refsource": "MISC",
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"assignerShortName": "SNPS",
"cveId": "CVE-2021-33179",
"datePublished": "2021-10-14T14:57:17",
"dateReserved": "2021-05-18T00:00:00",
"dateUpdated": "2024-08-03T23:42:20.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-15709
Vulnerability from cvelistv5
Published
2018-11-14 18:00
Modified
2024-09-17 02:11
Severity ?
EPSS score ?
Summary
Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2018-37 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-37"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nagios XI",
"vendor": "Nagios",
"versions": [
{
"status": "affected",
"version": "5.5.6"
}
]
}
],
"datePublic": "2018-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-14T17:57:01",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-37"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-11-13T00:00:00",
"ID": "CVE-2018-15709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nagios XI",
"version": {
"version_data": [
{
"version_value": "5.5.6"
}
]
}
}
]
},
"vendor_name": "Nagios"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-37",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-37"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-15709",
"datePublished": "2018-11-14T18:00:00Z",
"dateReserved": "2018-08-22T00:00:00",
"dateUpdated": "2024-09-17T02:11:03.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}