Opsview: >> Opsview >> 4.6.3 Security Vulnerabilities
The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting.
CVSS Score
6.1
EPSS Score
0.005
Published
2018-09-05
The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancid_password parameter.
CVSS Score
9.8
EPSS Score
0.254
Published
2018-09-05
The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of the appliance.
CVSS Score
8.1
EPSS Score
0.01
Published
2018-09-05
The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting.
CVSS Score
6.1
EPSS Score
0.005
Published
2018-09-05
Opsview before 2015-11-06 has XSS via SNMP.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-04-10