CVE-2021-33177
HIGH
Nagios XI < 5.8.5 - Authenticated SQL Injection via Bulk Modifications
Title source: llm
Description
The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary SQL queries.
References (1)
Core References
Third Party Advisory x_refsource_misc
https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi
Scores
CVSS v3
8.8
EPSS
0.4108
EPSS Percentile
97.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
nagios/nagios_xi
< 5.8.5
Published
Oct 14, 2021
Tracked Since
Feb 18, 2026