Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.
References
Link | Resource |
---|---|
https://www.nagios.com/products/security/ | Vendor Advisory |
Configurations
History
01 Feb 2021, 15:13
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CPE | cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.nagios.com/products/security/ - Vendor Advisory |
26 Jan 2021, 23:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user. |
26 Jan 2021, 18:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-26 18:16
Updated : 2023-12-10 13:41
NVD link : CVE-2021-3193
Mitre link : CVE-2021-3193
CVE.ORG link : CVE-2021-3193
JSON object : View
Products Affected
nagios
- nagios_xi
CWE