CVE-2020-36857
- EPSS 0.33%
- Published 30.10.2025 21:31:41
- Last modified 05.11.2025 18:25:26
Nagios XI versions prior to 5.6.14 contain a post-authentication SQL injection vulnerability in the SNMP Trap Interface page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative...
CVE-2012-10063
- EPSS 1%
- Published 30.10.2025 21:31:21
- Last modified 06.11.2025 15:09:58
Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could manipulate SQL queries by supplying crafted input to specific CCM parameters, potentially a...
CVE-2020-36856
- EPSS 0.25%
- Published 30.10.2025 21:30:59
- Last modified 05.11.2025 18:26:02
Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM command_test.php script. Insufficient validation of the `address` parameter allows an authenticated user with access to the Core Config Mana...
CVE-2024-14002
- EPSS 0.52%
- Published 30.10.2025 21:30:39
- Last modified 06.11.2025 16:23:37
Nagios XI versions prior to 2024R1.1.4 contain a local file inclusion (LFI) vulnerability via its NagVis integration. An authenticated user can supply crafted path values that cause the server to include local files, potentially exposing sensitive in...
CVE-2025-34284
- EPSS 0.59%
- Published 30.10.2025 21:30:19
- Last modified 06.11.2025 18:14:12
Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied parameters allows an authenticated administrator to inject shell metacharacters that are incorporated into back...
CVE-2024-13995
- EPSS 1.23%
- Published 30.10.2025 21:29:55
- Last modified 06.11.2025 16:17:59
Nagios XI versions prior to 2024R1.1.2 may (confirmed in 2024R1.1 and 2024R1.1.1) disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to that data. Exposure of API ke...
CVE-2025-34283
- EPSS 0.95%
- Published 30.10.2025 21:29:37
- Last modified 06.11.2025 18:14:36
Nagios XI versions prior to 2024R1.4.2 revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value.
CVE-2024-13994
- EPSS 0.07%
- Published 30.10.2025 21:29:17
- Last modified 06.11.2025 16:18:33
Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can create valid login credentials for other users without proper authorization. Thi...
CVE-2024-13999
- EPSS 0.59%
- Published 30.10.2025 21:28:50
- Last modified 06.11.2025 16:15:10
Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose the server's Active Directory (AD) or LDAP authentication token to an authenticated user. Exposure of the server’s AD/LDAP token could allow domain-wide authentication misu...
CVE-2025-34227
- EPSS 1.38%
- Published 25.09.2025 17:15:38
- Last modified 14.10.2025 19:53:44
Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into arguments provide...