cvebase

Nagios Network Analyzer vulnerabilities

7 known vulnerabilities affecting nagios/network_analyzer.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 4

Vulnerabilities

CVE-2021-28925 | P2 | CRITICAL | CVSS 9.8 | fixed in 2.4.3 | 2021-04-08
CVE-2021-28925 [CRITICAL] CWE-89: SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/.
Source: NVD

CVE-2025-34280 | P3 | HIGH | CVSS 7.2 | fixed in 2024 | v2024 +1 more | 2025-10-30
CVE-2025-34280 [HIGH] CWE-78: Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the certificate removal operation fails to apply adequate input sanitation. An authenticated administrator can trigger command execution on the underlying host in the context of the web application service, resulting in
Source: NVD

CVE-2025-28059 | P3 | HIGH | CVSS 7.5 | v2024 | 2025-04-18
CVE-2025-28059 [HIGH] CWE-613: An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke associated API tokens, enabling unauthorized access to res
Source: NVD

CVE-2021-28924 | P4 | MEDIUM | CVSS 6.1 | fixed in 2.4.3 | 2021-04-08
CVE-2021-28924 [MEDIUM] CWE-79: Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page.
Source: NVD

CVE-2025-34278 | P4 | MEDIUM | CVSS 5.4 | fixed in 2024 | fixed in 2024R1 | 2025-10-30
CVE-2025-34278 [MEDIUM] CWE-79: Nagios Network Analyzer versions prior to 2024R1 contain a stored cross-site scripting (XSS) vulnerability in the Source Groups page (percentile calculator menu). An attacker can supply a malicious payload which is stored by the application and later rendered in the context of other users. When a victim views the affected page the injected script exe
Source: NVD

CVE-2023-7319 | P4 | MEDIUM | CVSS 5.4 | fixed in 2024 | fixed in 2024R1 | 2025-10-30
CVE-2023-7319 [MEDIUM] CWE-79: Nagios Network Analyzer versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Percentile Calculator menu. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Source: NVD

CVE-2025-28131 | P4 | MEDIUM | CVSS 4.6 | v2024 | 2025-04-01
CVE-2025-28131 [MEDIUM] CWE-285: A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enabling unauthorized modifications that compromise system in
Source: NVD