exploitDog

CVE-2021-33177

Опубликовано: 14 окт. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Средний

Описание

The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary sql queries.

Ссылки

https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi
Third Party Advisory
https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*

Версия до 5.8.5 (исключая)

EPSS

Процентиль: 97%

0.30647

Средний

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-24m7-qjg5-vgqc

github

около 3 лет назад

The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary sql queries.

EPSS

Процентиль: 97%

0.30647

Средний

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

CWE-89