CVE-2019-9203

EUVD-2019-18579
Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
nagiosincident_manager
𝑥
< 2.2.7
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/152496/Nagios-XI-5.5.10-XSS-Remote-Code-Execution.html
https://www.nagios.com/products/security/
http://packetstormsecurity.com/files/152496/Nagios-XI-5.5.10-XSS-Remote-Code-Execution.html
https://www.nagios.com/products/security/