PT-2025-44477 · Nagios · Nagios XI

Published: 2025-10-30 · Updated: 2025-10-30 · CVE-2021-47693

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Nagios XI versions prior to CCM 3.1.3
Nagios XI versions prior to 5.8.5

Description

The Core Config Manager (CCM) contains a SQL injection issue in how search text is handled. User-supplied input is not properly sanitized before being used in SQL queries within configuration object editors. A successful exploit by an authenticated user could result in the unauthorized disclosure or modification of configuration and application data, potentially leading to further compromise of the application or backend database.

Recommendations

Update to CCM version 3.1.3 or later.
Update to Nagios XI version 5.8.5 or later.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2021-47693

Affected Products

Core Config Manager
Nagios XI