Description

The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary sql queries.

Related CPE's

a

nagios

nagios_xi

Vulnerable

References

https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi

Third Party Advisory

https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi

Third Party Advisory

Weaknesses

[email protected]

Secondary
CWE-89

[email protected]

Primary
CWE-89

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-10-14T13:15:08.990Z

4 years ago

Last modified

2024-11-21T05:08:27.510Z

1 year ago