CVE-2022-38250
Published 2022-09-07
CVE-2022-38250: Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page.
Priority P3 55 · critical 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.47% (82.5th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nagios | nagios_xi | — | — |
Detection & IOCs (extracted from sources)
- SQL injection attack vector targets the `mib_name` parameter on the Manage MIBs page of Nagios XI
- Vulnerability is confirmed in Nagios XI v5.8.6 specifically; scope of affected versions beyond this is not detailed in the sources
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv · 9.8 CRITICAL
vendor_redhat · 9.8 CRITICAL
Red Hat
nagios: SQL injection vulnerability via the mib_name parameter at the Manage MIBs page
vendor_redhat·2022-09-08·CVSS 9.8
CVE-2022-38250 [CRITICAL] CWE-89 nagios: SQL injection vulnerability via the mib_name parameter at the Manage MIBs page
Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page.
Statement: Red Hat Gluster Storage (RHGS) 3.5 no longer supports monitoring using Nagios. Red Hat Gluster Storage Web Administration is now the recommended monitoring tool for Red Hat Storage Gluster clusters, hence the Nagios package provided by RHGS will not be fixed.
Package: nagios (Red Hat Storage 3) - Will not fix
GHSA
GHSA-8mff-48jp-39q5: Nagios XI v5
ghsa_unreviewed·2022-09-08
CVE-2022-38250 [CRITICAL] CWE-89 GHSA-8mff-48jp-39q5: Nagios XI v5
Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page.
OSV
CVE-2022-38250: Nagios XI v5
osv·2022-09-07·CVSS 9.8
CVE-2022-38250 [CRITICAL] CVE-2022-38250: Nagios XI v5
Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-09-07
Published