
Nagios XI < 2012R1.6 Multiple Vulnerabilities

Medium

Synopsis

A vulnerable version of Nagios XI has been detected.

Description

Versions of Nagios XI prior to 2012R1.6 are affected by multiple vulnerabilities.

- The 'alertcloud' and 'escalationwizard' components and the Legacy Nagios Core Configuration Manager (NagiosQL) contain reflected cross-site scripting vulnerabilities.

- The 'autodiscovery' component contains a remote command execution vulnerability.

- The Legacy Nagios Core Configuration Manager (NagiosQL) and the 'escalationwizard' component contain SQL injection vulnerabilities due to improperly sanitized user-supplied input.

Solution

Upgrade to Nagios XI 2012R1.6 or later.