Network Analyzer
by Nagios
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-28925 | | Cri | 0.64 | 9.8 | 0.04 | | Apr 8, 2021 | SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/. |
| CVE-2025-28059 | | Hig | 0.49 | 7.5 | 0.01 | | Apr 18, 2025 | An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active… |
| CVE-2021-28924 | | Med | 0.40 | 6.1 | 0.09 | | Apr 8, 2021 | Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page. |
| CVE-2025-28132 | | Med | 0.30 | 4.6 | 0.00 | | Apr 1, 2025 | A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows an attacker to reuse session tokens even after a user logs out, leading to unauthorized access and account takeover. This occurs due to insufficient session expiration, where session tokens remain valid… |
| CVE-2025-28131 | | Med | 0.30 | 4.6 | 0.00 | | Apr 1, 2025 | A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization… |
| CVE-2023-7319 | | | 0.00 | — | 0.00 | | Oct 30, 2025 | Nagios Network Analyzer versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Percentile Calculator menu. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's… |
| CVE-2025-34278 | | | 0.00 | — | 0.01 | | Oct 30, 2025 | Nagios Network Analyzer versions prior to 2024R1 contain a stored cross-site scripting (XSS) vulnerability in the Source Groups page (percentile calculator menu). An attacker can supply a malicious payload which is stored by the application and later rendered in the context… |
| CVE-2025-34280 | | | 0.00 | — | 0.01 | | Oct 30, 2025 | Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the certificate removal operation fails to apply adequate input sanitation. An authenticated administrator can trigger command execution on the… |