Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.tenable.com/security/research/tra-2018-37 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: tenable
Published: 2018-11-14T18:00:00Z
Updated: 2024-09-17T01:37:03.880Z
Reserved: 2018-08-22T00:00:00
Link: CVE-2018-15711
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-11-14T18:29:00.323
Modified: 2024-11-21T03:51:19.350
Link: CVE-2018-15711
Redhat
No data.