CVE-2021-37223: SSRF
First published: Tue Oct 05 2021(Updated: )
Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios Nagios XI | <=5.8.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-37223?
CVE-2021-37223 is a Server-Side Request Forgery (SSRF) vulnerability in Nagios Enterprises NagiosXI version 5.8.4 and below.
How severe is CVE-2021-37223?
CVE-2021-37223 has a severity rating of 6.5, which is considered medium.
What is the affected software for CVE-2021-37223?
The affected software for CVE-2021-37223 is Nagios Enterprises NagiosXI version 5.8.4 and below.
How can an authenticated user exploit CVE-2021-37223?
An authenticated user can exploit CVE-2021-37223 by creating scheduled reports containing PDF screenshots of any view in the NagiosXI application.
Are there any references for CVE-2021-37223?
Yes, you can find more information about CVE-2021-37223 on the official Nagios website and the NagiosXI change log.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/type
- agent/event
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/nagios
- canonical/nagios nagios xi
- version/nagios nagios xi/5.8.4