CVE-2021-37348

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.8.5

Description The issue is related to a local file inclusion vulnerability through improper limitation of a pathname in index.php. This could allow a remote attacker to disclose protected information. The vulnerability is associated with the use of files and directories accessible to external parties.

Recommendations For versions prior to 5.8.5, update to version 5.8.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the index.php file until a patch is available.