Description
The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection with the privileges of the nagios user account.
References
- Vendor Advisory
- Exploit, Mailing List, Third Party Advisory
- Exploit, Third Party Advisory
- Vendor Advisory
- Exploit, Mailing List, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 5.4.0 (inclusive) to 5.4.2 (exclusive)
cpe:2.3:a:opsview:opsview:*:*:*:*:*:*:*:*
EPSS
Percentile: 93%
0.11078
Medium
7.2 High
CVSS3
9 Critical
CVSS2
Weaknesses
CWE-78
Related vulnerabilities
CVSS3: 7.2
github
more than 3 years ago
The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection with the privileges of the nagios user account.