← Zuruck zu CVEs
CVE-2021-37223
MEDIUM6.5
Beschreibung
Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files.
CVE Details
CVSS v3.1 Bewertung6.5
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht10/5/2021
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
nagios:nagios_xi
Schwachen (CWE)
CWE-918
Referenzen
http://nagios.com(cve@mitre.org)
https://www.nagios.com/downloads/nagios-xi/change-log/(cve@mitre.org)
http://nagios.com(af854a3a-2127-422b-91ae-364da2661108)
https://www.nagios.com/downloads/nagios-xi/change-log/(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.