A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings.
References
Link | Resource |
---|---|
http://nagios.com | Product |
https://outpost24.com/blog/nagios-xi-vulnerabilities/ | Third Party Advisory |
https://www.nagios.com/products/security/ | Vendor Advisory |
Configurations
History
22 Sep 2023, 01:20
Type | Values Removed | Values Added |
---|---|---|
First Time |
Nagios
Nagios nagios Xi |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
CWE | CWE-89 | |
References | (MISC) http://nagios.com - Product | |
References | (MISC) https://www.nagios.com/products/security/ - Vendor Advisory | |
References | (MISC) https://outpost24.com/blog/nagios-xi-vulnerabilities/ - Third Party Advisory | |
CPE | cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* |
19 Sep 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-19 23:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-40934
Mitre link : CVE-2023-40934
CVE.ORG link : CVE-2023-40934
JSON object : View
Products Affected
nagios
- nagios_xi
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')