VYPR

Monitor

by Opsview

CVEs (5)

  • CVE-2018-16144CriSep 5, 2018
    risk 0.66cvss 9.8epss 0.33

    The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancid_password parameter.

  • CVE-2018-16145HigSep 5, 2018
    risk 0.53cvss 8.1epss 0.02

    The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence…

  • CVE-2018-16148MedSep 5, 2018
    risk 0.40cvss 6.1epss 0.01

    The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting.

  • CVE-2016-10368MedMay 3, 2017
    risk 0.40cvss 6.1epss 0.02

    Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the…

  • CVE-2012-0263Dec 31, 2013
    risk 0.00cvss epss 0.02

    monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2)…