Vulnerability Details CVE-2018-10553
An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.04
EPSS Ranking 87.7%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References