CVE-2021-33177: SQL Injection
First published: Thu Oct 14 2021(Updated: )
The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary sql queries.
Credit: disclosure@synopsys.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios Nagios XI | <5.8.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-33177?
CVE-2021-33177 is a vulnerability in Nagios XI versions prior to 5.8.5 that allows an authenticated attacker to execute arbitrary SQL queries.
How severe is CVE-2021-33177?
CVE-2021-33177 has a severity score of 8.8 (high severity).
What is the affected software for CVE-2021-33177?
The affected software for CVE-2021-33177 is Nagios XI versions prior to 5.8.5.
Is authentication required to exploit CVE-2021-33177?
Yes, exploitation of CVE-2021-33177 requires the malicious actor to be authenticated to the vulnerable system.
How can CVE-2021-33177 be fixed?
To fix CVE-2021-33177, users should upgrade Nagios XI to version 5.8.5 or later.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/nagios
- canonical/nagios nagios xi