CVE-2018-10553

Name of the Vulnerable Software and Affected Versions: Nagios XI version 5.4.13

Description: A security issue was found that allows a registered user to use directory traversal to read local files. This can be achieved by using specific URIs, such as those beginning with "index.php?xiwindow=./" and "config/?xiwindow=../" substrings.

Recommendations: For Nagios XI version 5.4.13, consider restricting access to the index.php and config API endpoints until a patch is available. As a temporary workaround, avoid using the xiwindow parameter in these endpoints to minimize the risk of exploitation.