CVE-2019-9167: Security Disclosures - Nagios
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
Notice: Spring4Shell Vulnerability – Nagios does not use the Java Spring framework
Notice: Our response to CVE-2021-44228 and log4j in Nagios products
Reporting Security Vulnerabilities
At Nagios, we make security a priority. We strive to patch any security issues in a timely manner. We highly recommend using the latest versions available of our software. The latest versions will include security fixes that remediate the vulnerabilities shown below.
Please send security vulnerabilities found in any of the Nagios commercial products and security related emails to [email protected]. All non-security related bug reports should be given through a Support Ticket or through a post on the Support Forum.
Disclosed Vulnerabilities
Below is a listing of CVEs for patched security vulnerabilities that have been disclosed for Nagios products. The product version a CVE is listed under does not mean that the security issue exists only in that product version. Upgrade to the latest version to ensure all known vulnerabilities are patched. Scroll down to see all products.
Nagios XI 5.8
CVE | Vulnerability Summary | Remediation Summary
CVE-2022-29272 | Certain crafted redirect URLs on the login page could be redirected to external URLs. | Upgrade to Nagios XI 5.8.9 or above
CVE-2022-29271 | Read-only users are able to submit a specific command to the schedule downtime page that would schedule downtimes. | Upgrade to Nagios XI 5.8.9 or above
CVE-2022-29270 | When changing a user's email address, users are not required to confirm their password, which could be used to reset a user's password via email. | Upgrade to Nagios XI 5.8.9 or above
CVE-2022-29269 | Users could send HTML by setting the scheduled reporting message to contain HTML code. | Upgrade to Nagios XI 5.8.9 or above
CVE-2021-40345 | Command injection security vulnerability in the cmdsubsys.php cron job for installation of dashlets, components, and config wizards. | Upgrade to Nagios XI 5.8.6 or above
CVE-2021-40343 | Insecure file permissions on the migration script "nagios_unbundler.py" could allow arbitrary code execution. | Upgrade to Nagios XI 5.8.6 or above
CVE-2021-40344 | Security issue with file validation in the admin Custom Includes component allowed PHP files to be uploaded and executed. | Upgrade to Nagios XI 5.8.6 or above, or upgrade the Custom Includes component to version 1.1.0 or above
CVE-2021-38156 | XSS vulnerability in the Manage My Dashboards edit dashboard title functionality. | Upgrade to Nagios XI 5.8.6 or above
CVE-2021-37223 | SSRF in Scheduled Reports when the report URL is from outside the Nagios XI system. | Upgrade to Nagios XI 5.8.6 or above
CVE-2021-33177 | The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary SQL queries. | Upgrade to Nagios XI 5.8.5 or above
CVE-2021-33178 | The Manage Backgrounds functionality within NagVis versions prior to 2.0.8 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system as the apache user. | Upgrade to Nagios XI 5.8.6 or above and ensure the NagVis component is 2.0.9+
CVE-2021-33179 | The general user interface in Nagios XI versions prior to 5.8.5 is vulnerable to authenticated reflected cross-site scripting. An authenticated victim who accesses a specially crafted malicious URL would unknowingly execute the attached payload. | Upgrade to Nagios XI 5.8.5 or above
CVE-2021-37344 | Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS command (OS command injection). | Upgrade the Switch config wizard from Admin > Manage Config Wizards to version 2.5.7 or above.
CVE-2021-37343 | A path traversal vulnerability exists in the AutoDiscovery component of Nagios XI below version 5.8.5 and could lead to post-authentication RCE under the security context of the user running Nagios. | Upgrade to Nagios XI 5.8.5 or above
CVE-2021-37345 | Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is imported from the var directory by some scripts with elevated permissions. | Upgrade to Nagios XI 5.8.5 or above
CVE-2021-37346 | Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS command (OS command injection). | Upgrade the WatchGuard config wizard from Admin > Manage Config Wizards to version 1.4.8 or above.
CVE-2021-37347 | Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument. | Upgrade to Nagios XI 5.8.5 or above
CVE-2021-37348 | Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php. | Upgrade to Nagios XI 5.8.5 or above
CVE-2021-37349 | Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database. | Upgrade to Nagios XI 5.8.5 or above
CVE-2021-37350 | Nagios XI before version 5.8.5 is vulnerable to SQL injection in the Bulk Modifications Tool due to improper input sanitisation. | Upgrade to Nagios XI 5.8.5 or above
CVE-2021-37351 | Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server. | Upgrade to Nagios XI 5.8.5 or above
CVE-2021-37352 | An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link. | Upgrade to Nagios XI 5.8.5 or above
CVE-2021-37353 | Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitisation in table_population.php. | Upgrade the Docker config wizard from Admin > Manage Config Wizards to version 1.1.3 or above.
CVE-2021-36363, CVE-2021-36365 | Local privilege escalation due to insecure permissions of the migrate.php and repairmysql.sh files. | Upgrade to Nagios XI 5.8.5 or above
CVE-2021-36364, CVE-2021-36366 | Local privilege escalation due to wildcard expansion in the backup_xi.sh and manage_services.sh files. | Upgrade to Nagios XI 5.8.5 or above
Nagios XI 5.7
CVE | Vulnerability Summary | Remediation Summary
CVE-2021-25299 | XSS vulnerability in the SSH Terminal page. | Upgrade to Nagios XI 5.8.0 or above
CVE-2021-25298 | OS command injection as the apache user through variables passed into the Config Wizard. | Upgrade the Cloud-VM config wizard from Admin > Manage Config Wizards to version 1.0.4 or above.
CVE-2021-25297 | OS command injection as the apache user through variables passed into the Config Wizard. | Upgrade the Switch config wizard from Admin > Manage Config Wizards to version 2.5.4 or above.
CVE-2021-25296 | OS command injection as the apache user through variables passed into the Config Wizard. | Upgrade the Windows WMI config wizard from Admin > Manage Config Wizards to version 2.2.3 or above.
CVE-2021-3193 | Unauthenticated remote code execution (RCE) vulnerability as the apache user in Nagios XI in the Docker config wizard. | Upgrade the Docker config wizard from Admin > Manage Config Wizards to version 1.1.2 or above.
CVE-2021-26023, CVE-2021-26024 | XSS vulnerability and an IDOR allowing users to add a favorite for other users in the Favorites component. | Upgrade the Favorites component from Admin > Manage Components to version 1.0.2 or above.
CVE-2020-35578 | Remote code execution (RCE) vulnerability in Nagios XI in the Manage Plugins page when uploading a plugin with the option to convert line endings. | Upgrade to Nagios XI 5.8.0 or above.
CVE-2020-28910 | Creation of a temporary directory with insecure permissions allows for privilege escalation via creation of symlinks, which are mishandled in getprofile.sh. | Upgrade to Nagios XI 5.8.4 or above for full changes.
CVE-2020-28648 | Remote code execution (RCE) from improper input validation in the Auto-Discovery component allows an authenticated attacker to execute remote code. | Upgrade to Nagios XI 5.7.5 or above.
CVE-2020-5790 | Cross-site request forgery (CSRF) vulnerabilities in Nagios XI in the SNMP Trap Sender and Manage MIBs admin pages. | Upgrade to Nagios XI 5.7.4 or above.
CVE-2020-5791 | An OS command injection vulnerability in the Admin Manage MIBs page. A remote, authenticated attacker with admin privileges may exploit this vulnerability to execute arbitrary OS commands with the privileges of the 'apache' user. | Upgrade to Nagios XI 5.7.4 or above.
CVE-2020-5792 | An OS command argument injection vulnerability in the Send Custom Trap command in the SNMP Trap Interface. | Upgrade to Nagios XI 5.7.4 or above.
CVE-2020-15903 | Privilege escalation from the nagios user to root in backend scripts that run as root, due to permissions and included files. | Upgrade to Nagios XI 5.7.3 or above.
CVE-2020-15901 | Remote code execution as an authenticated user in ajaxhelper.php allows remote attackers to execute arbitrary commands via cmdsubsys. | Upgrade to Nagios XI 5.7.2 or above.
CVE-2020-15902 | XSS vulnerability in Graph Explorer via the link URL option. | Upgrade to Nagios XI 5.7.2 or above.
Nagios XI 5.6
CVE | Vulnerability Summary | Remediation Summary
X-Force 179406 | Possible post-authentication SQL injection in the SNMP Trap Interface page. User must have administrative privileges to access it. | Upgrade to Nagios XI 5.6.14 or above.
X-Force 179405 | Authenticated remote execution vulnerability in the command_test.php script using the address parameter. User must have access to the CCM to access it. | Upgrade to Nagios XI 5.6.14 or above.
X-Force 179404 | Authenticated remote code execution vulnerability in export-rrd.php in the start, end, or step parameter. | Upgrade to Nagios XI 5.6.14 or above.
CVE-2020-10821 | XSS vulnerability as an authenticated user via the account/main.php theme parameter. | Upgrade to Nagios XI 5.6.13 or above.
CVE-2020-10819, CVE-2020-10820 | XSS vulnerability as an authenticated administrator via the LDAP/AD component username and password parameters. | Upgrade to Nagios XI 5.6.13 or above.
CVE-2019-20197 | Remote command execution as an authenticated user. The user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account. | Upgrade to Nagios XI 5.6.10 or above.
CVE-2019-20139 | XSS vulnerability via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. An authenticated user can use this method of attack against any user. | Upgrade the Operations Center component from Admin > Manage Components to version 1.3.3 or above.
CVE-2019-15949 | Remote command execution as root in Nagios XI's getprofile.sh script. The script runs when profiles are created via the profile component. User must have access to edit plugins or access to the nagios user on the server. | Upgrade to Nagios XI 5.6.6 or above.
Nagios XI 5.5
CVE | Vulnerability Summary | Remediation Summary
CVE-2019-9164 | Command injection vulnerability that allows a specific command to remotely execute code when creating a new autodiscovery job. Users must be authenticated and have access to autodiscovery to be able to execute a new job. | Upgrade to Nagios XI 5.5.11 or above.
CVE-2019-9165 | SQL injection vulnerability via the API when using fusekeys and a malicious user id. | Upgrade to Nagios XI 5.5.11 or above.
CVE-2019-9166 | Root privilege escalation regarding permissions on config.inc.php and import_xiconfig.php, allowing non-privileged users to write to the files. This exploit requires access to the files on the server. Both files should be root-owned with no write permissions. | Upgrade to Nagios XI 5.5.11 or above.
CVE-2019-9167 | XSS vulnerability that can be passed in using the xiwindow parameter. | Upgrade to Nagios XI 5.5.11 or above.
CVE-2019-9202 | Authorized remote code execution in the Nagios IM component via API key issues. | Upgrade the Nagios IM component to version 2.2.7 or above. Alternatively, remove the nagiosim component if not in use.
CVE-2019-9203 | Authorization bypass in the Nagios IM component allowing closing of incidents in IM via the API. | Upgrade the Nagios IM component to version 2.2.7 or above. Alternatively, remove the nagiosim component if not in use.
CVE-2019-9204 | SQL injection in the Nagios IM component. | Upgrade the Nagios IM component to version 2.2.7 or above. Alternatively, remove the nagiosim component if not in use.
CVE-2018-20171, CVE-2018-20172 | Unauthorized XSS vulnerabilities in the rss_dashlet. This is related to the scripts in the MagpieRSS scripts directory being URL-accessible. | Upgrade to Nagios XI 5.5.8 or above. For immediate remediation, remove the magpierss/scripts directory from rss_dashlet.
CVE-2018-15708 | Unauthenticated remote code execution via command argument injection. A critical vulnerability exists in a custom version of Snoopy used in MagpieRSS which allows a remote, unauthenticated attacker to inject arbitrary arguments into a "curl" command. This can be done by requesting magpie_debug.php with a crafted value specified in the HTTP GET 'url' parameter. | Upgrade to Nagios XI 5.5.7 or above. For immediate remediation, remove the rss_dashlet if you are not using it.
CVE-2018-15709 | Authenticated command injection. The Nagios subsystem is vulnerable to command injection in many cases. An authenticated attacker may inject and execute arbitrary OS commands. Must be an authenticated user (can be non-admin). | Upgrade to Nagios XI 5.5.7 or above.
CVE-2018-15710 | Local privilege escalation (to root) via command injection. An Auto Discovery script suffers from a local command injection vulnerability which can be exploited to gain root OS privileges. Must be an authenticated user with access to the Auto Discovery component. | Upgrade to Nagios XI 5.5.7 or above.
CVE-2018-15711 | Unauthorized API key regeneration. A low-privileged, authenticated user can force API key regeneration for any Nagios XI user (including admins). When the API key is regenerated, the new one is returned in the response body. Must be an authenticated user. | Upgrade to Nagios XI 5.5.7 or above.
CVE-2018-15712 | Unauthenticated persistent cross-site scripting. A persistent cross-site scripting (XSS) vulnerability exists in the Nagios XI Business Process Intelligence (BPI) component's api_tool.php. | Upgrade to Nagios XI 5.5.7 or above.
CVE-2018-15713 | Authenticated persistent cross-site scripting. A persistent cross-site scripting vulnerability was discovered in Nagios XI in admin/users.php. This vulnerability requires authentication to be exploited successfully. | Upgrade to Nagios XI 5.5.7 or above.
CVE-2018-15714 | Reflected cross-site scripting. A reflected cross-site scripting vulnerability exists within /usr/local/nagiosxi/html/account/checkauth.php. This vulnerability requires authentication to be exploited successfully. | Upgrade to Nagios XI 5.5.7 or above.
CVE-2018-17147 | A cross-site scripting (XSS) vulnerability exists in the auto login admin management page. | Upgrade to Nagios XI 5.5.5 or above.
Nagios XI 5.4
CVE | Vulnerability Summary | Remediation Summary
CVE-2018-10554 | A cross-site scripting (XSS) vulnerability was discovered in Nagios XI 5.4.13 in scheduling new reports, downtime.php, ajaxhelper.php and deploynotifications. | Upgrade to Nagios XI 5.5.0 or above.
CVE-2018-10553 | The xiwindow parameter in Nagios XI can be used to load any web-accessible file into the iframe. These files can normally be accessed via apache anyway, without the use of the xiwindow URL parameter. | Keep any files that should not be accessed (or that are not PHP and session-authenticated) out of the /usr/local/nagiosxi/html directory.
CVE-2018-8733 | Authentication bypass vulnerability in NagiosQL in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability. | Upgrade to Nagios XI 5.4.13 or above. For immediate remediation, remove the /etc/httpd/conf.d/nagiosql.conf apache configuration file and restart apache.
CVE-2018-8734, CVE-2018-10735, CVE-2018-10736, CVE-2018-10737, CVE-2018-10738 | SQL injection vulnerabilities in the legacy NagiosQL component in Nagios XI 5.2.x through 5.4.x before 5.4.13 allow an attacker to execute arbitrary SQL commands via different pages and parameters. | Upgrade to Nagios XI 5.4.13 or above. For immediate remediation, remove the /etc/httpd/conf.d/nagiosql.conf apache configuration file and restart apache.
CVE-2018-8735 | Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection. The attack requires an authenticated user with access to the CCM. | Upgrade to Nagios XI 5.4.13 or above.
CVE-2018-8736 | A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability to escalate to root. The attack requires an authenticated user with access to the CCM. | Upgrade to Nagios XI 5.4.13 or above.
Nagios Fusion 4
CVE | Vulnerability Summary | Remediation Summary
CVE-2020-28903 | XSS vulnerabilities in data that is displayed in the dashboard and dashlets. | Update to Nagios Fusion 4.1.9 or above
CVE-2020-28905 | Authenticated remote code execution (from the context of a low-privileged user) in table pagination. | Update to Nagios Fusion 4.1.9 or above
CVE-2020-28902 | Privilege escalation from apache to nagios via command injection on the timezone parameter in cmd_subsys.php. | Update to Nagios Fusion 4.1.9 or above
CVE-2020-28901 | Privilege escalation from apache to nagios via command injection on the component_dir parameter in cmd_subsys.php. | Update to Nagios Fusion 4.1.9 or above
CVE-2020-28904 | Privilege escalation from apache to nagios via installation of a malicious component. | Update to Nagios Fusion 4.1.9 or above
CVE-2020-28900 | Privilege escalation from nagios to root via upgrade_to_latest.sh. | Update to Nagios Fusion 4.1.9 or above
CVE-2020-28907 | Privilege escalation from apache to root via upgrade_to_latest.sh and modification of the proxy config. | Update to Nagios Fusion 4.1.9 or above
CVE-2020-28906 | Privilege escalation from nagios to root via modification of fusion-sys.cfg. | Update to Nagios Fusion 4.1.9 or above
CVE-2020-28909 | Privilege escalation from nagios to root via modification of scripts that can execute as sudo. | Update to Nagios Fusion 4.1.9 or above
CVE-2020-28908 | Privilege escalation from apache to nagios via command injection in cmd_subsys.php. | Update to Nagios Fusion 4.1.9 or above
CVE-2020-28911 | A lower-privileged user can authenticate to a fused server when credentials are stored. | Update to Nagios Fusion 4.1.9 or above
Nagios Network Analyzer 2
CVE | Vulnerability Summary | Remediation Summary
CVE-2021-28925 | A SQL injection in the API Sources endpoint. | Update to Nagios Network Analyzer 2.4.3 or above
CVE-2021-28924 | An XSS vulnerability has been discovered on the Queries page. | Update to Nagios Network Analyzer 2.4.3 or above
Nagios Log Server 2
CVE | Vulnerability Summary | Remediation Summary
CVE-2019-15898 | A reflected XSS vulnerability has been discovered in Nagios Log Server via the username on the Login page. | Update to Nagios Log Server 2.0.8 or above
CVE-2020-16157 | A reflected XSS vulnerability has been discovered in Nagios Log Server via the Notification Methods on the Alerts page. | Update to Nagios Log Server 2.1.7 or above
Nagios Core 4
CVE | Vulnerability Summary | Remediation Summary
CVE-2018-18245 | A cross-site scripting (XSS) vulnerability has been discovered in Nagios Core. This vulnerability allows attackers to place malicious JavaScript code into the web frontend through manipulation of plugin output. In order to do this the attacker needs to be able to manipulate the output returned by Nagios checks, e.g. by replacing a plugin on one of the monitored endpoints. Execution of the payload then requires that an authenticated user creates an alert summary report which contains the corresponding output. | Update to Nagios Core 4.4.3 or Nagios XI 5.5.9 and above (you can also patch this with the Core maint branch)
Related news
Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is CVE-2023-51467 (CVSS score: 9.8), a bypass for another severe shortcoming in the same software (
A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.
A financially motivated threat actor has been outed as an initial access broker (IAB) that sells access to compromised organizations for other adversaries to conduct follow-on attacks such as ransomware. SecureWorks Counter Threat Unit (CTU) has dubbed the e-crime group Gold Melody, which is also known by the names Prophet Spider (CrowdStrike) and UNC961 (Mandiant). "This financially motivated
Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload.
Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07.
CISA, FBI, and South Korean intelligence agencies warn that the North Korean government is sponsoring ransomware attacks to fund its cyber-espionage activities.
This Metasploit module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 as the apache user. Valid credentials for a Nagios XI user are required. This module has been successfully tested against official NagiosXI OVAs versions 5.5.6 through 5.7.5.
SQL Injection vulnerability in Talend ESB Runtime 7.3.1-R2022-09-RT thru 8.0.1-R2022-10-RT when using the provisioning service.
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4
The subgroup of an Iranian nation-state group known as Nemesis Kitten has been attributed as behind a previously undocumented custom malware dubbed Drokbk that uses GitHub as a dead drop resolver to exfiltrate data from an infected computer, or to receive commands. "The use of GitHub as a virtual dead drop helps the malware blend in," Secureworks principal researcher Rafe Pilling said. "All the
Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0.
A lack of MFA remains one of the biggest impediments to enterprise security.
The good news: The Apache Commons Text library bug is far less likely to lead to exploitation than last year's Log4j library flaw.
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sweeping sanctions against ten individuals and two entities backed by Iran's Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks at least since October 2020. The agency said the cyber activity mounted by the individuals is partially attributable to intrusion sets tracked
A slew of Microsoft Exchange vulnerabilities (including ProxyLogon) fueled a surge in attacks targeting software flaws in 2021, but the trend has continued this year.
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Open source utility exposes payloads without running vulnerable Java code
MobileIron Core is affected by the Log4Shell vulnerability whereby a JNDI string sent to the server will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the tomcat user. This Metasploit module will start an LDAP server that the target will need to connect to.
OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls.
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.
Published on: 2021 Dec 11, updated 2022 Apr 6. SUMMARY Microsoft continues our analysis of the remote code execution vulnerabilities related to Apache Log4j (a logging tool used in many Java-based applications) disclosed on 9 Dec 2021. Currently, Microsoft is not aware of any impact, outside of the initial disclosure involving Minecraft: Java Edition, to the security of our enterprise services and has not experienced any degradation in availability of those services as a result of this vulnerability.
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code execution.
An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands.
An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.