Shodan
Vulnerabilities
Vulnerable Software
Nagios:  Security Vulnerabilities
CVE-2019-15898
Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page.
CVSS Score
6.1
EPSS Score
0.079
Published
2019-09-03
CVE-2018-17147
Nagios XI before 5.5.4 has XSS in the auto login admin management page.
CVSS Score
4.8
EPSS Score
0.032
Published
2019-07-10
CVE-2018-17146
A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto login admin management page.
CVSS Score
5.4
EPSS Score
0.03
Published
2019-06-19
CVE-2018-17148
An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-06-19
CVE-2019-12279
Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). NOTE: The vendor disputes this issues as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid injection that can be done with the variable provided, and while the username value being passed does get used in a SQL query, it is passed through SQL escaping functions when creating the call. The vendor tried re-creating the issue with no luck
CVSS Score
9.8
EPSS Score
0.214
Published
2019-05-22
CVE-2019-9166
Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php.
CVSS Score
7.8
EPSS Score
0.0
Published
2019-03-28
CVE-2019-9167
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
CVSS Score
6.1
EPSS Score
0.142
Published
2019-03-28
CVE-2019-9165
SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id.
CVSS Score
9.8
EPSS Score
0.066
Published
2019-03-28
CVE-2019-9202
Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues.
CVSS Score
8.8
EPSS Score
0.425
Published
2019-03-28
CVE-2019-9203
Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API.
CVSS Score
9.8
EPSS Score
0.055
Published
2019-03-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved