GCVE - cpe:2.3:a:n/a:nagios_xi:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:nagios_xi:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Nagios Xi (`f153bd65-7b3b-53c1-9742-84b9bf601656`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-5796`	vulnerable	2026-06-08 05:26:43.760013	Details available Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges. Published: 2020-11-13T19:55:44.000Z Updated: 2024-08-04T08:39:25.911Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2020-61	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-5792`	vulnerable	2026-06-08 05:26:43.748324	Details available Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user. Published: 2020-10-20T21:18:30.000Z Updated: 2024-08-04T08:39:25.923Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2020-58 http://packetstormsecurity.com/files/162284/Nagios-XI-5.7.3-Remote-Code-Execution.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-5791`	vulnerable	2026-06-08 05:26:43.746733	Details available Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user. Published: 2020-10-20T21:22:00.000Z Updated: 2024-08-04T08:39:25.932Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2020-58 http://packetstormsecurity.com/files/159743/Nagios-XI-5.7.3-Remote-Command-Injection.html http://packetstormsecurity.com/files/162235/Nagios-XI-5.7.3-Remote-Code-Execution.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-5790`	vulnerable	2026-06-08 05:26:43.732865	Details available Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. Published: 2020-10-20T21:20:21.000Z Updated: 2024-08-04T08:39:25.840Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2020-58	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.