CVE-2021-37223

Name of the Vulnerable Software and Affected Versions NagiosXI versions <= 5.8.4

Description The issue is related to a Server-Side Request Forgery (SSRF) vulnerability in the schedulereport.php file. This vulnerability allows any authenticated user to create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to a lack of input sanitization, the target page can be replaced with an SSRF payload, enabling access to internal resources or disclosure of local system files.

Recommendations For NagiosXI versions <= 5.8.4, update to a version greater than 5.8.4 to resolve the issue. As a temporary workaround, consider restricting access to the schedulereport.php file to minimize the risk of exploitation. Additionally, avoid using the vulnerable feature of creating scheduled reports containing PDF screenshots until the issue is resolved.