CVE-2021-37223
CVE-2021-37223 is a medium-severity vulnerability with a CVSS 3.1 base score of 6.5/10. Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application, and because the target page is not sanitised it can be swapped for an attacker-chosen URL. EPSS estimates a 7.51% chance of exploitation in the next 30 days.
Description
Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files.
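The description above is the classic shape of an SSRF in a "render this page to PDF" feature: the user names a view, and a server-side renderer fetches whatever it was given. The following is an added illustrative example, not NagiosXI code and not taken from the vendor advisory. It models that pattern with a hypothetical report-scheduling handler: the "before" form passes the user's value straight to the renderer, and the hardened form accepts only an app-relative view on an allowlist, then adds a second, renderer-side guard that refuses non-HTTP schemes and IP-literal hosts (loopback, link-local metadata endpoints, RFC 1918 ranges). `APP_BASE`, `ALLOWED_VIEWS`, `ALLOWED_HOSTS` and all function names are assumptions.

```python
"""Illustrative SSRF hardening for a 'screenshot this view to PDF' feature.

Added example, not NagiosXI code. APP_BASE, ALLOWED_VIEWS and ALLOWED_HOSTS
are hypothetical values chosen for the demonstration.
"""
import ipaddress
import posixpath
from urllib.parse import urljoin, urlsplit

APP_BASE = "https://xi.example.internal/app/"          # hypothetical app root
ALLOWED_VIEWS = frozenset({                           # hypothetical report views
    "reports/availability",
    "reports/alerts",
    "dashboards/overview",
})
ALLOWED_HOSTS = frozenset({"xi.example.internal"})    # the only host the renderer may fetch


class BadTarget(ValueError):
    """Raised when a user-supplied report target is rejected."""


def build_target_vulnerable(user_page: str) -> str:
    """'Before' form: the renderer fetches exactly what the user submitted.

    A value such as 'file:///etc/passwd' or 'http://127.0.0.1:8080/' goes
    straight to the server-side browser, which is the SSRF the page describes.
    """
    return user_page


def build_target_hardened(user_page: str) -> str:
    """'After' form: only an allowlisted, app-relative view may be rendered."""
    parts = urlsplit(user_page)
    # Any scheme or authority component means the caller tried to name a host
    # ('http://...', 'file:///...', or scheme-relative '//evil.example/').
    if parts.scheme or parts.netloc:
        raise BadTarget("absolute or scheme-relative URLs are not accepted")
    # Normalise the path so '../' sequences cannot escape, then require the
    # result to be one of the views this feature is meant to render.
    view = posixpath.normpath(parts.path.lstrip("/"))
    if view.startswith("..") or view not in ALLOWED_VIEWS:
        raise BadTarget(f"view not permitted: {view!r}")
    target = urljoin(APP_BASE, view)
    if parts.query:
        target += "?" + parts.query      # query reaches only the allowlisted view
    return target


def accepts(user_page: str) -> bool:
    """True if the hardened builder would accept this target."""
    try:
        build_target_hardened(user_page)
    except BadTarget:
        return False
    return True


def renderer_may_fetch(url: str) -> bool:
    """Defence in depth applied at the renderer, independent of the builder.

    Refuses non-HTTP(S) schemes and every IP-literal host: loopback,
    link-local (cloud metadata at 169.254.169.254) and private ranges are the
    usual SSRF destinations, and a renderer for our own app never needs a
    literal address. Hostnames must be on the allowlist. (A production guard
    would also resolve the name and pin the connection to the checked IP.)
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        ipaddress.ip_address(parts.hostname)
    except ValueError:
        return parts.hostname in ALLOWED_HOSTS   # a hostname, not a literal
    return False                                  # IP literal of any kind


def schedule_report(user_page: str) -> str:
    """End-to-end: validate the request, then confirm the renderer may fetch it."""
    target = build_target_hardened(user_page)
    if not renderer_may_fetch(target):
        raise BadTarget(f"renderer refused {target!r}")
    return target


if __name__ == "__main__":
    # Constructed inputs: one legitimate view and a few typical SSRF payloads.
    for page in ("reports/availability?days=7", "file:///etc/passwd",
                 "http://127.0.0.1:8080/", "//169.254.169.254/latest/meta-data/",
                 "reports/../../../etc/passwd"):
        print(f"vulnerable -> {build_target_vulnerable(page)}")
        try:
            print(f"hardened   -> {schedule_report(page)}")
        except BadTarget as exc:
            print(f"hardened   -> rejected: {exc}")
```

The two layers matter because they fail independently: the builder stops the payload at the request boundary, while the renderer guard still blocks a dangerous URL if some other code path (or a later feature) hands it one.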
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Nagios | Nagios Xi | <= 5.8.4 |
References
- http://nagios.com (Vendor Advisory)
- https://www.nagios.com/downloads/nagios-xi/change-log/ (Release Notes, Vendor Advisory)
Frequently Asked Questions
What is CVE-2021-37223?
A Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php of Nagios XI 5.8.4 and earlier. Any authenticated user can create a scheduled report that renders a PDF screenshot of a NagiosXI view; because the target page is not sanitised, it can be replaced with an SSRF payload so that the server fetches internal resources or discloses local system files.
How severe is CVE-2021-37223?
Medium: CVSS 3.1 base score 6.5 (vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). It is reachable over the network with low attack complexity and no user interaction, requires only a low-privileged account, and has a high confidentiality impact with no integrity or availability impact. EPSS estimates a 7.51% chance of exploitation in the next 30 days.
How do I fix CVE-2021-37223?
Upgrade to a Nagios XI release newer than 5.8.4; consult the vendor change log linked under References for the fixed version. Until the upgrade is applied, limiting which accounts can create scheduled reports and preventing the Nagios XI host from reaching sensitive internal services reduces the exposure, but these are general SSRF mitigations rather than vendor guidance.
Are you affected by CVE-2021-37223?
You are affected if you run Nagios XI 5.8.4 or earlier and any authenticated user can create scheduled reports.
Source: NVD / NIST
