CVE-2018-17148

2019-06-1917:23:25

mitre

www.cve.org

AI Score

9.6

Confidence

High

EPSS

0.006

Percentile

77.6%

JSON

An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials.

References

assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT