CVE-2021-37223
https://notcve.org/view.php?id=CVE-2021-37223
Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files. Nagios Enterprises NagiosXI versiones anteriores a 5.8.4 incluyéndola, contiene una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en el archivo schedulereport.php. Cualquier usuario autenticado puede crear informes programados que contengan capturas de pantalla en PDF de cualquier visualización de la aplicación NagiosXI. • http://nagios.com https://www.nagios.com/downloads/nagios-xi/change-log • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2021-36366
https://notcve.org/view.php?id=CVE-2021-36366
Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards. Nagios XI versiones anteriores a 5.8.5, permite incorrectamente los comodines de manage_services.sh • https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT https://www.nagios.com/downloads/nagios-xi/change-log •
CVE-2021-36365
https://notcve.org/view.php?id=CVE-2021-36365
Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh. Nagios XI versiones anteriores a 5.8.5, presenta una Asignación de Permisos Incorrecta para el archivo repairmysql.sh • https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT https://www.nagios.com/downloads/nagios-xi/change-log • CWE-276: Incorrect Default Permissions •
CVE-2021-36364
https://notcve.org/view.php?id=CVE-2021-36364
Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. Nagios XI versiones anteriores a 5.8.5, permite incorrectamente los comodines backup_xi.sh • https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT https://www.nagios.com/downloads/nagios-xi/change-log •
CVE-2021-36363
https://notcve.org/view.php?id=CVE-2021-36363
Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php. Nagios XI versiones anteriores a 5.8.5, presenta una Asignación de Permisos Incorrecta para el archivo migrate.php • https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT https://www.nagios.com/downloads/nagios-xi/change-log • CWE-276: Incorrect Default Permissions •