Details of VAR-201806-1889

ID

VAR-201806-1889

TITLE

Nagios XI has multiple SQL injection vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2018-09550

DESCRIPTION

Nagios is an open source free network monitoring tool that can effectively monitor the status of Windows, Linux and Unix hosts, network devices such as switches, routers, printers, etc. Nagios XI has multiple SQL injection vulnerabilities. An attacker can use the vulnerability to obtain sensitive database information.

Trust: 0.6

sources: CNVD: CNVD-2018-09550

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-09550

AFFECTED PRODUCTS

vendor:

nagios

model:

nagiox xi

scope:

lte

version:

<=5.4.12

Trust: 0.6

sources: CNVD: CNVD-2018-09550

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-09550
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2018-09550
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2018-09550

EXTERNAL IDS

db:

CNVD

id:

CNVD-2018-09550

Trust: 0.6

sources: CNVD: CNVD-2018-09550

SOURCES

db:

CNVD

id:

CNVD-2018-09550

LAST UPDATE DATE

2022-05-04T09:16:59.347000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-09550

date:

2018-05-21T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2018-09550

date:

2018-06-25T00:00:00