Insufficient Access Control Vulnerability in Nagios XI Configuration Snapshot Page Allows Credential Disclosure

Insufficient Access Control Vulnerability in Nagios XI Configuration Snapshot Page Allows Credential Disclosure

CVE-2018-17148 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials.

Learn more about our Cis Benchmark Audit For Apple Ios.