Shodan
Vulnerabilities
Vulnerable Software
Opsview:  >> Opsview  >> 4.4.1  Security Vulnerabilities
CVE-2018-16148
The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting.
CVSS Score
6.1
EPSS Score
0.005
Published
2018-09-05
CVE-2018-16144
The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancid_password parameter.
CVSS Score
9.8
EPSS Score
0.254
Published
2018-09-05
CVE-2018-16145
The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of the appliance.
CVSS Score
8.1
EPSS Score
0.01
Published
2018-09-05
CVE-2018-16147
The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting.
CVSS Score
6.1
EPSS Score
0.005
Published
2018-09-05
CVE-2015-6035
Opsview before 2015-11-06 has XSS via SNMP.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-04-10
CVE-2015-4420
Multiple cross-site scripting (XSS) vulnerabilities in Opsview 4.6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) crafted check plugin, the (2) description in a host profile, or the (3) plugin_args parameter to a Test service check page.
CVSS Score
4.3
EPSS Score
0.006
Published
2015-06-18
CVE-2013-7254
Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-01-03
CVE-2013-7255
Open redirect vulnerability in Opsview before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVSS Score
5.8
EPSS Score
0.003
Published
2014-01-03
CVE-2013-7256
Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVSS Score
6.8
EPSS Score
0.001
Published
2014-01-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved