CVE-2021-37223 | Severity.io

Description

Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files.

Related CPE's

Vulnerable

References

http://nagios.com

Vendor Advisory

https://www.nagios.com/downloads/nagios-xi/change-log/

Release NotesVendor Advisory

http://nagios.com

Vendor Advisory

https://www.nagios.com/downloads/nagios-xi/change-log/

Release NotesVendor Advisory

Weaknesses

[email protected]

Primary

CWE-918

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-10-05T10:15:07.853Z

4 years ago

Last modified

2024-11-21T05:14:53.860Z

1 year ago