PT-2025-44498 · Nagios Enterprises · Nagios XI
Published: 2025-10-30 · Updated: 2025-11-04 · CVE-2024-13995
CVSS v3.1: 8.8 High (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Name of the Vulnerable Software and Affected Versions
Nagios XI versions prior to 2024R1.1.2
Description
Nagios XI versions prior to 2024R1.1.2 may disclose sensitive user account information, including API keys and hashed passwords, to authenticated users who should not have access to this data. Exposure of API keys or password hashes could lead to account compromise, abuse of API privileges, or offline cracking attempts.
Recommendations
Update to version 2024R1.1.2 or later.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Nagios XI