Server-Side Request Forgery (SSRF) vulnerability in NagiosXI schedulereport.php allows unauthorized access to internal resources

Server-Side Request Forgery (SSRF) vulnerability in NagiosXI schedulereport.php allows unauthorized access to internal resources

CVE-2021-37223 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files.

Learn more about our Cis Benchmark Audit For Apple Ios.