Nagios Network Analyzer 2024 R1.0.3
Approved changes feed: RSS · Atom
cpe:2.3:a:nagios:network_analyzer:2024:r1.0.3:*:*:*:*:*:*
part: a version: 2024 update: r1.0.3
| Vendor | Nagios (7fb1328e-019e-51f8-8fa9-c12efadd1bbe) |
|---|---|
| Product | Network Analyzer (2f24899e-0741-53a5-9b6a-2b0a21f19d2b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-34280 |
vulnerable | 2026-06-03 15:00:44.371744 |
Nagios Network Analyzer < 2024R2.0.1 RCE in LDAP Certificate Removal Function
Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the certificate removal operation fails to apply adequate input sanitation. An authenticated administrator can trigger command execution on the underlying host in the context of the web application service, resulting in remote code execution with the service's privileges.
Published: 2025-10-30T21:27:41.203Z
Updated: 2025-11-17T21:36:25.762Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-28131 |
vulnerable | 2026-06-03 15:00:13.650265 |
Details available
A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enabling unauthorized modifications that compromise system integrity and availability.
Published: 2025-04-01T00:00:00.000Z
Updated: 2025-04-01T19:47:57.917Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-28059 |
vulnerable | 2026-06-03 15:00:13.620537 |
Details available
An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke associated API tokens, enabling unauthorized access to restricted functions.
Published: 2025-04-18T00:00:00.000Z
Updated: 2025-04-22T14:28:48.195Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.