Vulnerability Description
Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could manipulate SQL queries by supplying crafted input to specific CCM parameters, potentially allowing access to configuration data stored in the application database. Successful exploitation could disclose or modify notification data and, in some cases, impact the application database more broadly.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nagios | Nagios Xi | <= 2011 |
Related Weaknesses (CWE)
References
- https://www.nagios.com/changelog/nagios-xi/Release Notes
- https://www.vulncheck.com/advisories/nagios-xi-authenticated-sqli-in-legacy-ccmThird Party Advisory
FAQ
What is CVE-2012-10063?
CVE-2012-10063 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could manipulate SQL queries by supplying craft...
How severe is CVE-2012-10063?
CVE-2012-10063 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2012-10063?
Check the references section above for vendor advisories and patch information. Affected products include: Nagios Nagios Xi.