CVE-2019-9203

CRITICAL

Nagios Incident Manager < 2.2.7 - Authorization Bypass via API

Title source: llm
STIX 2.1

Description

Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.nagios.com/products/security/

Scores

CVSS v3 9.8
EPSS 0.0549
EPSS Percentile 90.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
nagios/incident_manager < 2.2.7
Published Mar 28, 2019
Tracked Since Feb 18, 2026