Nagios Enterprises · Nagios XI · CVE-2024-13996
**Name of the Vulnerable Software and Affected Versions**
Nagios XI versions prior to 2024R1.1.3
**Description**
Nagios XI did not properly invalidate all active sessions when a user's password was changed. This allowed existing sessions, potentially compromised, to remain valid after a credential update, enabling continued unauthorized access to user data and actions.
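The failure class described above, as an added example that is not Nagios XI code: a toy Python account store (the `Accounts` class, its method names and the sample credentials are all hypothetical) showing a password change that leaves existing sessions valid beside one that invalidates them.

```python
import hashlib
import hmac
import secrets


class Accounts:
    """Toy account and session store, constructed for illustration only."""

    def __init__(self):
        self._pw = {}        # user -> (salt, PBKDF2 hash)
        self._epoch = {}     # user -> counter bumped on each password change
        self._sessions = {}  # token -> (user, epoch at login)

    def _set_pw(self, user, password):
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._pw[user] = (salt, digest)

    def register(self, user, password):
        self._set_pw(user, password)
        self._epoch[user] = 0

    def login(self, user, password):
        salt, stored = self._pw[user]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(candidate, stored):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, self._epoch[user])
        return token

    def whoami(self, token):
        """Return the user for a live session, else None."""
        entry = self._sessions.get(token)
        if entry is None or entry[1] != self._epoch[entry[0]]:
            return None
        return entry[0]

    def change_password_flawed(self, user, new_password):
        # Flawed pattern: the credential changes, existing sessions stay valid.
        self._set_pw(user, new_password)

    def change_password(self, user, new_password):
        # Hardened pattern: bump the epoch so every older session fails
        # validation, purge those sessions, then issue one fresh session.
        self._set_pw(user, new_password)
        self._epoch[user] += 1
        for tok in [t for t, (u, _) in self._sessions.items() if u == user]:
            del self._sessions[tok]
        return self.login(user, new_password)
```

The epoch check in `whoami` is a second line of defence: a session record that survives the purge (for example in a cache or replica) still fails validation.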
**Recommendations**
Update Nagios XI to version 2024R1.1.3 or later.