Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Network_analyzer
(Nagios)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-04-01 | CVE-2025-28131 | A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enabling unauthorized modifications that compromise system integrity and availability. | Network_analyzer | N/A | ||
| 2025-04-18 | CVE-2025-28059 | An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke associated API tokens, enabling unauthorized access to restricted functions. | Network_analyzer | N/A | ||
| 2021-04-08 | CVE-2021-28924 | Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page. | Network_analyzer | 6.1 | ||
| 2021-04-08 | CVE-2021-28925 | SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/. | Network_analyzer | 9.8 |