The Favorites component prior to 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nagios favorites |