CVE-2020-15903
Published: 2020-09-09
Priority: P3, 55; critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.75% (90.8th percentile)
An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root, where some included files were editable by the nagios user. This issue was fixed in version 5.7.3.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nagios | nagios_xi | < 5.7.3 | 5.7.3 |
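CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_oracle | | 7.5 | HIGH | |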
GHSA
GHSA-mf64-j3g8-vgpj: An issue was found in Nagios XI before 5
ghsa_unreviewed · 2022-05-24
CVE-2020-15903 [HIGH] CWE-269 GHSA-mf64-j3g8-vgpj: An issue was found in Nagios XI before 5
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: DC-Specific Component (LibExpat) — CVE-2019-15903
vendor_oracle · 2020-04-15 · CVSS 7.5
CVE-2019-15903 [HIGH] Oracle Oracle Fusion Middleware Risk Matrix: DC-Specific Component (LibExpat) — CVE-2019-15903
Oracle Oracle Fusion Middleware Risk Matrix: DC-Specific Component (LibExpat) vulnerability
CVE: CVE-2019-15903
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2020 (APR 2020)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.