12 vulnerabilities by Nagios Enterprises
CVE-2025-34288 (GCVE-0-2025-34288)
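Vulnerability from nvd – Published: 2025-12-16 22:17 – Updated: 2026-05-14 02:08 – CWE-732 – Incorrect Permission Assignment for Critical Resource
Note: the CNA's CVSS 4.0 vector in the record below gives AV:N (network), while the record's description characterizes the issue as a local privilege escalation that requires access to the application account; read the score with that difference in mind when triaging.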
| URL | Tags |
|---|---|
| https://www.nagios.com/changelog/nagios-xi/2026r1-1/ | release-notes, patch |
| https://www.vulncheck.com/advisories/nagios-xi-pr… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Nagios Enterprises | Nagios XI | Affected: 0 , < 2026R1.1 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34288",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T04:55:17.940312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:07:32.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nagios XI",
"vendor": "Nagios Enterprises",
"versions": [
{
"lessThan": "2026R1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026R1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "M. Cory Billington of theyhack.me"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Nagios XI versions prior to 2026R1.1 are\u0026nbsp;vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user\u2011accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a lower\u2011privileged user. A local attacker with access to the application account can modify this file to introduce malicious code, which is then executed with elevated privileges when the script is run. Successful exploitation results in arbitrary code execution as the root user."
}
],
"value": "Nagios XI versions prior to 2026R1.1 are\u00a0vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user\u2011accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a lower\u2011privileged user. A local attacker with access to the application account can modify this file to introduce malicious code, which is then executed with elevated privileges when the script is run. Successful exploitation results in arbitrary code execution as the root user."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T02:08:10.158Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes",
"patch"
],
"url": "https://www.nagios.com/changelog/nagios-xi/2026r1-1/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/nagios-xi-privilege-escalation-via-writable-php-include-executed-with-sudo"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAccording to the vendor changelog, this issue was addressed by changing the ownership of constants.inc.php.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "According to the vendor changelog, this issue was addressed by changing the ownership of constants.inc.php."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Nagios XI Privilege Escalation via Writable PHP Include Executed with Sudo",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34288",
"datePublished": "2025-12-16T22:17:02.004Z",
"dateReserved": "2025-04-15T19:15:22.581Z",
"dateUpdated": "2026-05-14T02:08:10.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2012-10029 (GCVE-0-2012-10029)
Vulnerability from nvd – Published: 2025-08-05 20:03 – Updated: 2026-05-15 11:13 – CWE-78 – Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| URL | Tags |
|---|---|
| https://raw.githubusercontent.com/rapid7/metasplo… | exploit |
| https://www.exploit-db.com/exploits/23227 | exploit |
| https://packetstorm.news/files/id/118705/ | exploit |
| https://www.nagios.com/products/nagios-xi/ | product |
| https://www.vulncheck.com/advisories/nagios-xi-ne… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Nagios Enterprises | Nagios XI Graph Explorer | Affected: 0 , < 1.3 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2012-10029",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T15:13:18.530298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T15:13:21.887Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/nagios_graph_explorer.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/23227"
},
{
"tags": [
"exploit"
],
"url": "https://packetstorm.news/files/id/118705/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"visApi.php within the Graph Explorer plugin"
],
"product": "Nagios XI Graph Explorer",
"vendor": "Nagios Enterprises",
"versions": [
{
"lessThan": "1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nagios:xi_graph_explorer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Daniel Compton"
}
],
"datePublic": "2012-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code execution."
}
],
"value": "Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T11:13:56.158Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/nagios_graph_explorer.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/23227"
},
{
"tags": [
"exploit"
],
"url": "https://packetstorm.news/files/id/118705/"
},
{
"tags": [
"product"
],
"url": "https://www.nagios.com/products/nagios-xi/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/nagios-xi-network-monitor-graph-explorer-component-auth-command-injection"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Nagios XI Network Monitor Graph Explorer Component \u003c 1.3 Authenticated Command Injection",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2012-10029",
"datePublished": "2025-08-05T20:03:35.395Z",
"dateReserved": "2025-08-05T16:09:57.147Z",
"dateUpdated": "2026-05-15T11:13:56.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-8641 (GCVE-0-2016-8641)
Vulnerability from nvd – Published: 2018-08-01 14:00 – Updated: 2024-08-06 02:27
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/40774/ | exploit, x_refsource_EXPLOIT-DB |
| https://github.com/NagiosEnterprises/nagioscore/c… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/95121 | vdb-entry, x_refsource_BID |
| https://security.gentoo.org/glsa/201702-26 | vendor-advisory, x_refsource_GENTOO |
| Vendor | Product | Version | |
|---|---|---|---|
| Nagios Enterprises | nagios | Affected: 4.2.x | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40774",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40774/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641"
},
{
"name": "95121",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95121"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-26"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nagios",
"vendor": "Nagios Enterprises",
"versions": [
{
"status": "affected",
"version": "4.2.x"
}
]
}
],
"datePublic": "2016-11-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It\u0027s possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-02T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "40774",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40774/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641"
},
{
"name": "95121",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95121"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-26"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-8641",
"datePublished": "2018-08-01T14:00:00.000Z",
"dateReserved": "2016-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:27:41.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-34288 (GCVE-0-2025-34288)
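Vulnerability from cvelistv5 – Published: 2025-12-16 22:17 – Updated: 2026-05-14 02:08 – CWE-732 – Incorrect Permission Assignment for Critical Resource
Note: the CNA's CVSS 4.0 vector in the record below gives AV:N (network), while the record's description characterizes the issue as a local privilege escalation that requires access to the application account; read the score with that difference in mind when triaging.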
| URL | Tags |
|---|---|
| https://www.nagios.com/changelog/nagios-xi/2026r1-1/ | release-notes, patch |
| https://www.vulncheck.com/advisories/nagios-xi-pr… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Nagios Enterprises | Nagios XI | Affected: 0 , < 2026R1.1 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34288",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T04:55:17.940312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:07:32.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nagios XI",
"vendor": "Nagios Enterprises",
"versions": [
{
"lessThan": "2026R1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026R1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "M. Cory Billington of theyhack.me"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Nagios XI versions prior to 2026R1.1 are\u0026nbsp;vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user\u2011accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a lower\u2011privileged user. A local attacker with access to the application account can modify this file to introduce malicious code, which is then executed with elevated privileges when the script is run. Successful exploitation results in arbitrary code execution as the root user."
}
],
"value": "Nagios XI versions prior to 2026R1.1 are\u00a0vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user\u2011accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a lower\u2011privileged user. A local attacker with access to the application account can modify this file to introduce malicious code, which is then executed with elevated privileges when the script is run. Successful exploitation results in arbitrary code execution as the root user."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T02:08:10.158Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes",
"patch"
],
"url": "https://www.nagios.com/changelog/nagios-xi/2026r1-1/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/nagios-xi-privilege-escalation-via-writable-php-include-executed-with-sudo"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAccording to the vendor changelog, this issue was addressed by changing the ownership of constants.inc.php.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "According to the vendor changelog, this issue was addressed by changing the ownership of constants.inc.php."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Nagios XI Privilege Escalation via Writable PHP Include Executed with Sudo",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34288",
"datePublished": "2025-12-16T22:17:02.004Z",
"dateReserved": "2025-04-15T19:15:22.581Z",
"dateUpdated": "2026-05-14T02:08:10.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2012-10029 (GCVE-0-2012-10029)
Vulnerability from cvelistv5 – Published: 2025-08-05 20:03 – Updated: 2026-05-15 11:13 – CWE-78 – Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| URL | Tags |
|---|---|
| https://raw.githubusercontent.com/rapid7/metasplo… | exploit |
| https://www.exploit-db.com/exploits/23227 | exploit |
| https://packetstorm.news/files/id/118705/ | exploit |
| https://www.nagios.com/products/nagios-xi/ | product |
| https://www.vulncheck.com/advisories/nagios-xi-ne… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Nagios Enterprises | Nagios XI Graph Explorer | Affected: 0 , < 1.3 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2012-10029",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T15:13:18.530298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T15:13:21.887Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/nagios_graph_explorer.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/23227"
},
{
"tags": [
"exploit"
],
"url": "https://packetstorm.news/files/id/118705/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"visApi.php within the Graph Explorer plugin"
],
"product": "Nagios XI Graph Explorer",
"vendor": "Nagios Enterprises",
"versions": [
{
"lessThan": "1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nagios:xi_graph_explorer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Daniel Compton"
}
],
"datePublic": "2012-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code execution."
}
],
"value": "Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T11:13:56.158Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/nagios_graph_explorer.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/23227"
},
{
"tags": [
"exploit"
],
"url": "https://packetstorm.news/files/id/118705/"
},
{
"tags": [
"product"
],
"url": "https://www.nagios.com/products/nagios-xi/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/nagios-xi-network-monitor-graph-explorer-component-auth-command-injection"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Nagios XI Network Monitor Graph Explorer Component \u003c 1.3 Authenticated Command Injection",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2012-10029",
"datePublished": "2025-08-05T20:03:35.395Z",
"dateReserved": "2025-08-05T16:09:57.147Z",
"dateUpdated": "2026-05-15T11:13:56.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-8641 (GCVE-0-2016-8641)
Vulnerability from cvelistv5 – Published: 2018-08-01 14:00 – Updated: 2024-08-06 02:27
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/40774/ | exploit, x_refsource_EXPLOIT-DB |
| https://github.com/NagiosEnterprises/nagioscore/c… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/95121 | vdb-entry, x_refsource_BID |
| https://security.gentoo.org/glsa/201702-26 | vendor-advisory, x_refsource_GENTOO |
| Vendor | Product | Version | |
|---|---|---|---|
| Nagios Enterprises | nagios | Affected: 4.2.x | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40774",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40774/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641"
},
{
"name": "95121",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95121"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-26"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nagios",
"vendor": "Nagios Enterprises",
"versions": [
{
"status": "affected",
"version": "4.2.x"
}
]
}
],
"datePublic": "2016-11-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It\u0027s possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-02T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "40774",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40774/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641"
},
{
"name": "95121",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95121"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-26"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-8641",
"datePublished": "2018-08-01T14:00:00.000Z",
"dateReserved": "2016-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:27:41.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201805-0698
Vulnerability from variot - Updated: 2024-02-20 02:29
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter. Nagios XI contains an SQL injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Nagios is a free, open-source network monitoring tool that can effectively monitor the status of Windows, Linux and Unix hosts and of network devices such as switches, routers and printers.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0698",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xi",
"scope": "lt",
"trust": 1.0,
"vendor": "nagios",
"version": "5.4.13"
},
{
"model": "xi",
"scope": "lte",
"trust": 1.0,
"vendor": "nagios",
"version": "5.2.9"
},
{
"model": "xi",
"scope": "gte",
"trust": 1.0,
"vendor": "nagios",
"version": "5.4.0"
},
{
"model": "xi",
"scope": "gte",
"trust": 1.0,
"vendor": "nagios",
"version": "5.2.0"
},
{
"model": "xi",
"scope": "lt",
"trust": 0.8,
"vendor": "nagios enterprises",
"version": "5.4.13"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.2.*"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.*,\u003c5.4.13"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.10"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.5"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.8"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.2.4"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.11"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.4"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.6"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.9"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.12"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09749"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005056"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-493"
},
{
"db": "NVD",
"id": "CVE-2018-10736"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.2.9",
"versionStartIncluding": "5.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.4.13",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10736"
}
]
},
"cve": "CVE-2018-10736",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-10736",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-09749",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-10736",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10736",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-09749",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-493",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-10736",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09749"
},
{
"db": "VULMON",
"id": "CVE-2018-10736"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005056"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-493"
},
{
"db": "NVD",
"id": "CVE-2018-10736"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter. Nagios XI Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Nagios is an open source free network monitoring tool that can effectively monitor the status of Windows, Linux and Unix hosts, network devices such as switches, routers, printers, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10736"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005056"
},
{
"db": "CNVD",
"id": "CNVD-2018-09749"
},
{
"db": "VULMON",
"id": "CVE-2018-10736"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10736",
"trust": 3.1
},
{
"db": "SEEBUG",
"id": "SSVID-97266",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005056",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-09749",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "39816",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201805-493",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-10736",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09749"
},
{
"db": "VULMON",
"id": "CVE-2018-10736"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005056"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-493"
},
{
"db": "NVD",
"id": "CVE-2018-10736"
}
]
},
"id": "VAR-201805-0698",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09749"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09749"
}
]
},
"last_update_date": "2024-02-20T02:29:40.837000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Nagios XI",
"trust": 0.8,
"url": "https://www.nagios.com/products/nagios-xi/"
},
{
"title": "Nagios XI SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83428"
},
{
"title": "pocassist database",
"trust": 0.1,
"url": "https://github.com/jweny/pocassistdb "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-10736"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005056"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-493"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005056"
},
{
"db": "NVD",
"id": "CVE-2018-10736"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.seebug.org/vuldb/ssvid-97266"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10736"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10736"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/39816"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005056"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-493"
},
{
"db": "NVD",
"id": "CVE-2018-10736"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-09749"
},
{
"db": "VULMON",
"id": "CVE-2018-10736"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005056"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-493"
},
{
"db": "NVD",
"id": "CVE-2018-10736"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09749"
},
{
"date": "2018-05-16T00:00:00",
"db": "VULMON",
"id": "CVE-2018-10736"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005056"
},
{
"date": "2018-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-493"
},
{
"date": "2018-05-16T13:29:00.343000",
"db": "NVD",
"id": "CVE-2018-10736"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09749"
},
{
"date": "2018-06-15T00:00:00",
"db": "VULMON",
"id": "CVE-2018-10736"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005056"
},
{
"date": "2018-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-493"
},
{
"date": "2018-06-15T19:35:49.313000",
"db": "NVD",
"id": "CVE-2018-10736"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-493"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nagios XI In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005056"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-493"
}
],
"trust": 0.6
}
}
VAR-202108-1481
Vulnerability from variot - Updated: 2023-12-18 13:17
Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection). The affected system may also be put into a denial-of-service (DoS) state.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1481",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xi switch wizard",
"scope": "lt",
"trust": 1.0,
"vendor": "nagios",
"version": "2.5.7"
},
{
"model": "xi switch wizard",
"scope": "eq",
"trust": 0.8,
"vendor": "nagios enterprises",
"version": null
},
{
"model": "xi switch wizard",
"scope": "eq",
"trust": 0.8,
"vendor": "nagios enterprises",
"version": "2.5.7"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010756"
},
{
"db": "NVD",
"id": "CVE-2021-37344"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nagios:nagios_xi_switch_wizard:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.5.7",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-37344"
}
]
},
"cve": "CVE-2021-37344",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-37344",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-399172",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-37344",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-37344",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-1355",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-399172",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-37344",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-399172"
},
{
"db": "VULMON",
"id": "CVE-2021-37344"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010756"
},
{
"db": "NVD",
"id": "CVE-2021-37344"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1355"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection). (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-37344"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010756"
},
{
"db": "VULHUB",
"id": "VHN-399172"
},
{
"db": "VULMON",
"id": "CVE-2021-37344"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-37344",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010756",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1355",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-399172",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-37344",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-399172"
},
{
"db": "VULMON",
"id": "CVE-2021-37344"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010756"
},
{
"db": "NVD",
"id": "CVE-2021-37344"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1355"
}
]
},
"id": "VAR-202108-1481",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-399172"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:17:44.810000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Nagios\u00a0XI\u00a0Change\u00a0Log",
"trust": 0.8,
"url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010756"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-399172"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010756"
},
{
"db": "NVD",
"id": "CVE-2021-37344"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37344"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-399172"
},
{
"db": "VULMON",
"id": "CVE-2021-37344"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010756"
},
{
"db": "NVD",
"id": "CVE-2021-37344"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1355"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-399172"
},
{
"db": "VULMON",
"id": "CVE-2021-37344"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010756"
},
{
"db": "NVD",
"id": "CVE-2021-37344"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1355"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-399172"
},
{
"date": "2021-08-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-37344"
},
{
"date": "2022-07-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-010756"
},
{
"date": "2021-08-13T12:15:07.007000",
"db": "NVD",
"id": "CVE-2021-37344"
},
{
"date": "2021-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1355"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-399172"
},
{
"date": "2021-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-37344"
},
{
"date": "2022-07-07T05:53:00",
"db": "JVNDB",
"id": "JVNDB-2021-010756"
},
{
"date": "2021-08-24T14:17:17.803000",
"db": "NVD",
"id": "CVE-2021-37344"
},
{
"date": "2021-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1355"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1355"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nagios\u00a0XI\u00a0Switch\u00a0Wizard\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010756"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1355"
}
],
"trust": 0.6
}
}
VAR-201805-0697
Vulnerability from variot - Updated: 2023-12-18 12:44
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter. Nagios XI contains a SQL injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Nagios is an open source, free network monitoring tool that effectively monitors host status on Windows, Linux and Unix, network devices such as switches, routers, and printers. A SQL injection vulnerability exists in the cname parameter of admin/commandline.php in Nagios XI 5.4.12 and earlier versions, which can be exploited by remote attackers to execute arbitrary SQL commands.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0697",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xi",
"scope": "lt",
"trust": 1.0,
"vendor": "nagios",
"version": "5.4.13"
},
{
"model": "xi",
"scope": "lte",
"trust": 1.0,
"vendor": "nagios",
"version": "5.2.9"
},
{
"model": "xi",
"scope": "gte",
"trust": 1.0,
"vendor": "nagios",
"version": "5.4.0"
},
{
"model": "xi",
"scope": "gte",
"trust": 1.0,
"vendor": "nagios",
"version": "5.2.0"
},
{
"model": "xi",
"scope": "lt",
"trust": 0.8,
"vendor": "nagios enterprises",
"version": "5.4.13"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.*\u003c5.4.13"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.2.*"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.10"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.5"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.8"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.11"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.3"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.4"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.6"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.9"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.12"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09720"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005055"
},
{
"db": "NVD",
"id": "CVE-2018-10735"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-494"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.4.13",
"versionStartIncluding": "5.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.2.9",
"versionStartIncluding": "5.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10735"
}
]
},
"cve": "CVE-2018-10735",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-10735",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-09720",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-10735",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10735",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-09720",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-494",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09720"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005055"
},
{
"db": "NVD",
"id": "CVE-2018-10735"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-494"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter. Nagios XI contains a SQL injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Nagios is an open source, free network monitoring tool that effectively monitors host status on Windows, Linux and Unix, and network devices such as switches, routers, and printers. A SQL injection vulnerability exists in the cname parameter of admin/commandline.php in Nagios XI 5.4.12 and earlier versions, which can be exploited by remote attackers to execute arbitrary SQL commands.",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10735"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005055"
},
{
"db": "CNVD",
"id": "CNVD-2018-09720"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10735",
"trust": 3.0
},
{
"db": "SEEBUG",
"id": "SSVID-97265",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005055",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-09720",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "39817",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201805-494",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09720"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005055"
},
{
"db": "NVD",
"id": "CVE-2018-10735"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-494"
}
]
},
"id": "VAR-201805-0697",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09720"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09720"
}
]
},
"last_update_date": "2023-12-18T12:44:03.501000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Nagios XI",
"trust": 0.8,
"url": "https://www.nagios.com/products/nagios-xi/"
},
{
"title": "Nagios XI SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83429"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005055"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-494"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005055"
},
{
"db": "NVD",
"id": "CVE-2018-10735"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.seebug.org/vuldb/ssvid-97265"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10735"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10735"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/39817"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09720"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005055"
},
{
"db": "NVD",
"id": "CVE-2018-10735"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-494"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-09720"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005055"
},
{
"db": "NVD",
"id": "CVE-2018-10735"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-494"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09720"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005055"
},
{
"date": "2018-05-16T13:29:00.297000",
"db": "NVD",
"id": "CVE-2018-10735"
},
{
"date": "2018-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-494"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09720"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005055"
},
{
"date": "2018-06-15T19:35:55.737000",
"db": "NVD",
"id": "CVE-2018-10735"
},
{
"date": "2018-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-494"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-494"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nagios XI In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005055"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-494"
}
],
"trust": 0.6
}
}
VAR-201805-0699
Vulnerability from variot - Updated: 2023-12-18 12:36
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. Nagios XI contains a SQL injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Nagios is an open source, free network monitoring tool that can effectively monitor the status of Windows, Linux and Unix hosts and of network devices such as switches, routers, printers, etc. (NVD's CVSS 3.0 vector in the record below lists PR:H, i.e. the attacker needs an authenticated, high-privilege account; the CNVD CVSS 2.0 entry instead scores it as Au:N.)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0699",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xi",
"scope": "lt",
"trust": 1.0,
"vendor": "nagios",
"version": "5.4.13"
},
{
"model": "xi",
"scope": "lte",
"trust": 1.0,
"vendor": "nagios",
"version": "5.2.9"
},
{
"model": "xi",
"scope": "gte",
"trust": 1.0,
"vendor": "nagios",
"version": "5.4.0"
},
{
"model": "xi",
"scope": "gte",
"trust": 1.0,
"vendor": "nagios",
"version": "5.2.0"
},
{
"model": "xi",
"scope": "lt",
"trust": 0.8,
"vendor": "nagios enterprises",
"version": "5.4.13"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.2.*"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.*,\u003c5.4.13"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.10"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.5"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.8"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.11"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.3"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.6"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.9"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.12"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.2"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09748"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005057"
},
{
"db": "NVD",
"id": "CVE-2018-10737"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-492"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.2.9",
"versionStartIncluding": "5.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.4.13",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10737"
}
]
},
"cve": "CVE-2018-10737",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-10737",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-09748",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-10737",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10737",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-09748",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-492",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-10737",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09748"
},
{
"db": "VULMON",
"id": "CVE-2018-10737"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005057"
},
{
"db": "NVD",
"id": "CVE-2018-10737"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-492"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. Nagios XI contains a SQL injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Nagios is an open source, free network monitoring tool that can effectively monitor the status of Windows, Linux and Unix hosts and of network devices such as switches, routers, printers, etc.",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10737"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005057"
},
{
"db": "CNVD",
"id": "CNVD-2018-09748"
},
{
"db": "VULMON",
"id": "CVE-2018-10737"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10737",
"trust": 3.1
},
{
"db": "SEEBUG",
"id": "SSVID-97267",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005057",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-09748",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "39815",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201805-492",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-10737",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09748"
},
{
"db": "VULMON",
"id": "CVE-2018-10737"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005057"
},
{
"db": "NVD",
"id": "CVE-2018-10737"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-492"
}
]
},
"id": "VAR-201805-0699",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09748"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09748"
}
]
},
"last_update_date": "2023-12-18T12:36:46.823000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Nagios XI",
"trust": 0.8,
"url": "https://www.nagios.com/products/nagios-xi/"
},
{
"title": "Nagios XI SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83427"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005057"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-492"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005057"
},
{
"db": "NVD",
"id": "CVE-2018-10737"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.seebug.org/vuldb/ssvid-97267"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10737"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10737"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/39815"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=57908"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-10737"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005057"
},
{
"db": "NVD",
"id": "CVE-2018-10737"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-492"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-09748"
},
{
"db": "VULMON",
"id": "CVE-2018-10737"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005057"
},
{
"db": "NVD",
"id": "CVE-2018-10737"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-492"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09748"
},
{
"date": "2018-05-16T00:00:00",
"db": "VULMON",
"id": "CVE-2018-10737"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005057"
},
{
"date": "2018-05-16T13:29:00.373000",
"db": "NVD",
"id": "CVE-2018-10737"
},
{
"date": "2018-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-492"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09748"
},
{
"date": "2018-06-15T00:00:00",
"db": "VULMON",
"id": "CVE-2018-10737"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005057"
},
{
"date": "2018-06-15T19:36:32.220000",
"db": "NVD",
"id": "CVE-2018-10737"
},
{
"date": "2018-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-492"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-492"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nagios XI In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005057"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-492"
}
],
"trust": 0.6
}
}
VAR-201308-0251
Vulnerability from variot - Updated: 2023-12-18 12:09
The automatic update request in Nagstamon before 0.9.10 uses a cleartext base64 format for transmission of a username and password, which allows remote attackers to obtain sensitive information by sniffing the network. Nagstamon is a Nagios status monitor. The credentials can be recovered from the base64 data in the HTTP Basic authentication header, because base64 is an encoding and provides no confidentiality. A remote attacker can exploit the vulnerability to obtain sensitive information such as authentication credentials. Nagstamon is prone to an information-disclosure vulnerability. Versions prior to Nagstamon 0.9.10 are vulnerable.
Gentoo Linux Security Advisory GLSA 201401-03
http://security.gentoo.org/
Severity: High
Title: Nagstamon: Information disclosure
Date: January 06, 2014
Bugs: #476538
ID: 201401-03
Synopsis
A vulnerability in Nagstamon could expose user credentials to a remote attacker.
Workaround
There is no known workaround at this time.
Resolution
All Nagstamon users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=net-analyzer/nagstamon-0.9.11_rc1"
References
[ 1 ] CVE-2013-4114 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4114
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201401-03.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201308-0251",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.6,
"vendor": "henri wahl",
"version": "0.5.4"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.6,
"vendor": "henri wahl",
"version": "0.5.7"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.6,
"vendor": "henri wahl",
"version": "0.5.10"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.6,
"vendor": "henri wahl",
"version": "0.5.11"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.6,
"vendor": "henri wahl",
"version": "0.5.3"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.6,
"vendor": "henri wahl",
"version": "0.5.5"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.6,
"vendor": "henri wahl",
"version": "0.5.8"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.6,
"vendor": "henri wahl",
"version": "0.5.2"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.6,
"vendor": "henri wahl",
"version": "0.5.6"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.6,
"vendor": "henri wahl",
"version": "0.5.9"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.0,
"vendor": "henri wahl",
"version": "0.7.0"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.0,
"vendor": "henri wahl",
"version": "0.6"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.0,
"vendor": "henri wahl",
"version": "0.9.6"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.0,
"vendor": "henri wahl",
"version": "0.9.4"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.0,
"vendor": "henri wahl",
"version": "0.9.6.1"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.0,
"vendor": "henri wahl",
"version": "0.9.3"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.0,
"vendor": "henri wahl",
"version": "0.5.13"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.0,
"vendor": "henri wahl",
"version": "0.6.2"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.0,
"vendor": "henri wahl",
"version": "0.8.0"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.0,
"vendor": "henri wahl",
"version": "0.8.2"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.0,
"vendor": "henri wahl",
"version": "0.9.1"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.0,
"vendor": "henri wahl",
"version": "0.9.0"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.0,
"vendor": "henri wahl",
"version": "0.9.8"
},
{
"model": "nagstamon",
"scope": "lte",
"trust": 1.0,
"vendor": "henri wahl",
"version": "0.9.9"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.0,
"vendor": "henri wahl",
"version": "0.8.1"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.0,
"vendor": "henri wahl",
"version": "0.9.2"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.0,
"vendor": "henri wahl",
"version": "0.9.7"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.0,
"vendor": "henri wahl",
"version": "0.9.7.1"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.0,
"vendor": "henri wahl",
"version": "0.6.1"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 1.0,
"vendor": "henri wahl",
"version": "0.9.5"
},
{
"model": "nagstamont",
"scope": "lt",
"trust": 0.8,
"vendor": "nagios enterprises",
"version": "0.9.10"
},
{
"model": "nagstamon",
"scope": "eq",
"trust": 0.6,
"vendor": "nagstamon",
"version": "0.9.10"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-09764"
},
{
"db": "BID",
"id": "61120"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003763"
},
{
"db": "NVD",
"id": "CVE-2013-4114"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-260"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.9.9",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.9.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.9.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.5.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.5.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.5.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.9.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.9.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.5.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:henri_wahl:nagstamon:0.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4114"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Reported by vendor.",
"sources": [
{
"db": "BID",
"id": "61120"
}
],
"trust": 0.3
},
"cve": "CVE-2013-4114",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-4114",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-09764",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-4114",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-09764",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201307-260",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-09764"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003763"
},
{
"db": "NVD",
"id": "CVE-2013-4114"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-260"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The automatic update request in Nagstamon before 0.9.10 uses a cleartext base64 format for transmission of a username and password, which allows remote attackers to obtain sensitive information by sniffing the network. Nagstamon is a Nagios status monitor. This sensitive information can be recovered from the Base64-encoded data in the HTTP Basic authentication header, because Base64 is an encoding and provides no confidentiality. A remote attacker can exploit the vulnerability to obtain sensitive information such as authentication credentials. Nagstamon is prone to an information-disclosure vulnerability. \nVersions prior to Nagstamon 0.9.10 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201401-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Nagstamon: Information disclosure\n Date: January 06, 2014\n Bugs: #476538\n ID: 201401-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability in Nagstamon could expose user credentials to a remote\nattacker. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Nagstamon users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=net-analyzer/nagstamon-0.9.11_rc1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-4114\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4114\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201401-03.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4114"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003763"
},
{
"db": "CNVD",
"id": "CNVD-2013-09764"
},
{
"db": "BID",
"id": "61120"
},
{
"db": "PACKETSTORM",
"id": "124672"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-4114",
"trust": 3.4
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2013/07/11/7",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "54276",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "54072",
"trust": 1.6
},
{
"db": "BID",
"id": "61120",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003763",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-09764",
"trust": 0.6
},
{
"db": "MLIST",
"id": "[OSS-SECURITY] 20130711 RE: CVE REQUEST -- NAGSTAMON (PRIOR 0.9.10): MONITOR SERVER USER CREDENTIALS EXPOSURE IN AUTOMATED REQUESTS TO GET UPDATE INFORMATION",
"trust": 0.6
},
{
"db": "SUSE",
"id": "OPENSUSE-SU-2013:1235",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201307-260",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "124672",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-09764"
},
{
"db": "BID",
"id": "61120"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003763"
},
{
"db": "PACKETSTORM",
"id": "124672"
},
{
"db": "NVD",
"id": "CVE-2013-4114"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-260"
}
]
},
"id": "VAR-201308-0251",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-09764"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-09764"
}
]
},
"last_update_date": "2023-12-18T12:09:08.812000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bug 476538",
"trust": 0.8,
"url": "https://bugs.gentoo.org/show_bug.cgi?id=476538"
},
{
"title": "Bug 983673",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=983673"
},
{
"title": "2013-07-11: Update check security bug",
"trust": 0.8,
"url": "http://nagstamon.ifw-dresden.de/docs/security/"
},
{
"title": "Nagstamon Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/35186"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-09764"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003763"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003763"
},
{
"db": "NVD",
"id": "CVE-2013-4114"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://bugs.gentoo.org/show_bug.cgi?id=476538"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00072.html"
},
{
"trust": 1.6,
"url": "http://nagstamon.ifw-dresden.de/docs/security/"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/54072"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/54276"
},
{
"trust": 1.6,
"url": "http://www.openwall.com/lists/oss-security/2013/07/11/7"
},
{
"trust": 1.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=983673"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4114"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4114"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/61120"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4114"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201401-03.xml"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4114"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-09764"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003763"
},
{
"db": "PACKETSTORM",
"id": "124672"
},
{
"db": "NVD",
"id": "CVE-2013-4114"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-260"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-09764"
},
{
"db": "BID",
"id": "61120"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003763"
},
{
"db": "PACKETSTORM",
"id": "124672"
},
{
"db": "NVD",
"id": "CVE-2013-4114"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-260"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-07-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-09764"
},
{
"date": "2013-07-11T00:00:00",
"db": "BID",
"id": "61120"
},
{
"date": "2013-08-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003763"
},
{
"date": "2014-01-06T23:19:25",
"db": "PACKETSTORM",
"id": "124672"
},
{
"date": "2013-08-16T17:55:05.130000",
"db": "NVD",
"id": "CVE-2013-4114"
},
{
"date": "2013-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-260"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-07-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-09764"
},
{
"date": "2015-04-16T17:50:00",
"db": "BID",
"id": "61120"
},
{
"date": "2013-08-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003763"
},
{
"date": "2013-08-21T18:37:25.093000",
"db": "NVD",
"id": "CVE-2013-4114"
},
{
"date": "2013-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-260"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "124672"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-260"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nagstamon Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-09764"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-260"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201307-260"
}
],
"trust": 0.6
}
}
VAR-201805-0700
Vulnerability from variot - Updated: 2023-12-18 12:01
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter. Nagios XI contains a SQL injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Nagios is an open source free network monitoring tool that can effectively monitor the status of Windows, Linux and Unix hosts, network devices such as switches, routers, printers, etc. Remote attackers can use this vulnerability to execute arbitrary SQL commands.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0700",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xi",
"scope": "lt",
"trust": 1.0,
"vendor": "nagios",
"version": "5.4.13"
},
{
"model": "xi",
"scope": "lte",
"trust": 1.0,
"vendor": "nagios",
"version": "5.2.9"
},
{
"model": "xi",
"scope": "gte",
"trust": 1.0,
"vendor": "nagios",
"version": "5.4.0"
},
{
"model": "xi",
"scope": "gte",
"trust": 1.0,
"vendor": "nagios",
"version": "5.2.0"
},
{
"model": "xi",
"scope": "lt",
"trust": 0.8,
"vendor": "nagios enterprises",
"version": "5.4.13"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.2.*"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.*,\u003c5.4.13"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.10"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.5"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.8"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.11"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.3"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.4"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.6"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.9"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.12"
},
{
"model": "xi",
"scope": "eq",
"trust": 0.6,
"vendor": "nagios",
"version": "5.4.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09747"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005058"
},
{
"db": "NVD",
"id": "CVE-2018-10738"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-491"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.2.9",
"versionStartIncluding": "5.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.4.13",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10738"
}
]
},
"cve": "CVE-2018-10738",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-10738",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-09747",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-10738",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10738",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-09747",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-491",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09747"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005058"
},
{
"db": "NVD",
"id": "CVE-2018-10738"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-491"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter. Nagios XI contains a SQL injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Nagios is an open source free network monitoring tool that can effectively monitor the status of Windows, Linux and Unix hosts, network devices such as switches, routers, printers, etc. Remote attackers can use this vulnerability to execute arbitrary SQL commands.",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10738"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005058"
},
{
"db": "CNVD",
"id": "CNVD-2018-09747"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10738",
"trust": 3.0
},
{
"db": "SEEBUG",
"id": "SSVID-97268",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005058",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-09747",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "39814",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201805-491",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09747"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005058"
},
{
"db": "NVD",
"id": "CVE-2018-10738"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-491"
}
]
},
"id": "VAR-201805-0700",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09747"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09747"
}
]
},
"last_update_date": "2023-12-18T12:01:57.337000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Nagios XI",
"trust": 0.8,
"url": "https://www.nagios.com/products/nagios-xi/"
},
{
"title": "Nagios XI SQL injection vulnerability remediation measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83426"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005058"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-491"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005058"
},
{
"db": "NVD",
"id": "CVE-2018-10738"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.seebug.org/vuldb/ssvid-97268"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10738"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10738"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/39814"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005058"
},
{
"db": "NVD",
"id": "CVE-2018-10738"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-491"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-09747"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005058"
},
{
"db": "NVD",
"id": "CVE-2018-10738"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-491"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09747"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005058"
},
{
"date": "2018-05-16T13:29:00.420000",
"db": "NVD",
"id": "CVE-2018-10738"
},
{
"date": "2018-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-491"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09747"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005058"
},
{
"date": "2018-06-15T19:35:37.937000",
"db": "NVD",
"id": "CVE-2018-10738"
},
{
"date": "2018-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-491"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-491"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in Nagios XI",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005058"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-491"
}
],
"trust": 0.6
}
}