Nagios

Nagios Xi

195 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9

CVE-2021-3273

Exploit
  • EPSS 22.91%
  • Veröffentlicht 25.02.2021 14:15:12
  • Zuletzt bearbeitet 21.11.2024 06:21:11

Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system.

7.2

CVE-2020-22427

Exploit
  • EPSS 27.79%
  • Veröffentlicht 15.02.2021 18:15:13
  • Zuletzt bearbeitet 21.11.2024 05:13:16

NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all techn...

8.8

CVE-2020-24899

Exploit
  • EPSS 4.47%
  • Veröffentlicht 15.02.2021 18:15:13
  • Zuletzt bearbeitet 21.11.2024 05:16:10

Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query.

9

CVE-2021-25296

Warnung Exploit
  • EPSS 93.56%
  • Veröffentlicht 15.02.2021 13:15:12
  • Zuletzt bearbeitet 03.11.2025 15:14:53

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by ...

9

CVE-2021-25297

Warnung Exploit
  • EPSS 79.89%
  • Veröffentlicht 15.02.2021 13:15:12
  • Zuletzt bearbeitet 03.11.2025 15:13:58

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single...

9

CVE-2021-25298

Warnung Exploit
  • EPSS 75.47%
  • Veröffentlicht 15.02.2021 13:15:12
  • Zuletzt bearbeitet 03.11.2025 15:13:53

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a si...

6.1

CVE-2021-25299

Exploit
  • EPSS 85.16%
  • Veröffentlicht 15.02.2021 13:15:12
  • Zuletzt bearbeitet 21.11.2024 05:54:42

Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an...

9.8

CVE-2021-3193

  • EPSS 25.4%
  • Veröffentlicht 26.01.2021 18:16:28
  • Zuletzt bearbeitet 21.11.2024 06:21:06

Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.

9

CVE-2020-35578

Exploit
  • EPSS 85.2%
  • Veröffentlicht 13.01.2021 21:15:12
  • Zuletzt bearbeitet 21.11.2024 05:27:37

An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-system commands.

5.4

CVE-2020-27990

  • EPSS 5.95%
  • Veröffentlicht 16.11.2020 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:22:09

Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).