CVE-2018-16146
N/A
N/A
Summary
The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection with the privileges of the nagios user account.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://knowledge.opsview.com/v5.4/docs/whats-new
- https://seclists.org/fulldisclosure/2018/Sep/3
- https://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities
References
- https://knowledge.opsview.com/v5.4/docs/whats-new
- https://seclists.org/fulldisclosure/2018/Sep/3
- https://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.