SQL Injection in Nagios XI
CVE-2021-33177
The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to…
Vulnerability class: SQL Injection
EPSS: 0.411 (97.5th percentile)
Affected products
- Nagios XI — versions <5.8.5
Weakness classification (CWE)
Public proof-of-concept exploits
References
- www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi (x_refsource_MISC)
Frequently asked questions
- What is CVE-2021-33177?
- CVE-2021-33177 is a vulnerability in Nagios XI, classified under SQL Injection. Published 2021-10-14.
- Is CVE-2021-33177 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.