Nagios XI < 2012R1.6 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 8366
SynopsisA vulnerable version of Nagios XI has been detected.
DescriptionVersions of Nagios XI prior to 2012R1.6 are affected by multiple vulnerabilities.
- The 'alertcloud' and 'escalationwizard' components and the Legacy Nagios Core Configuration Manager (NagiosQL) contain reflected cross-site scripting vulnerabilities.
- The 'autodiscovery' component contains a remote command execution vulnerability.
- The Legacy Nagios Core Configuration Manager (NagiosQL) and the 'escalationwizard' component contain SQL injection vulnerabilities due to improperly sanitized user-supplied input.
SolutionUpgrade to Nagios XI 2012R1.6 or later.