What is CVE-2021-37698?

CVE-2021-37698 is a high-severity vulnerability in Icinga Icinga2, classified under Improper Certificate Validation. CVSS score: 7.5/10. Published 2021-08-19.

How severe is CVE-2021-37698?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Icinga Icinga2

CVE-2021-37698

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter an…

Vulnerability class: Improper Certificate Validation

EPSS: 0.002 (36.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Icinga Icinga2 — versions >= 2.5.0, <= 2.13.0

Weakness classification (CWE)

CWE-295 — Improper Certificate Validation

References

github.com/Icinga/icinga2/security/advisories/GHSA-cxfm-8j5v-5qr2 (x_refsource_CONFIRM)
github.com/Icinga/icinga2/releases/tag/v2.11.11 (x_refsource_MISC)
github.com/Icinga/icinga2/releases/tag/v2.12.6 (x_refsource_MISC)
github.com/Icinga/icinga2/releases/tag/v2.13.1 (x_refsource_MISC)
[debian-lts-announce] 20211110 [SECURITY] [DLA 2816-1] icinga2 security update (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2021-37698?: CVE-2021-37698 is a high-severity vulnerability in Icinga Icinga2, classified under Improper Certificate Validation. CVSS score: 7.5/10. Published 2021-08-19.
How severe is CVE-2021-37698?: High severity. CVSS v3 base score is 7.5 out of 10.