CVE-2024-13998
BaseFortify
Publication date: 2025-11-03
Last updated on: 2025-11-06
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nagios | nagios_xi | to 2024 (exc) |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
| nagios | nagios_xi | 2024 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Nagios XI versions prior to 2024R1.1.3 allows certain authenticated users to access sensitive user account information, including API keys and hashed passwords, which they should not be able to see. This exposure can lead to account compromise, misuse of API privileges, or attempts to crack passwords offline.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive account information, potentially resulting in account compromise, abuse of API privileges, and offline password cracking attempts, which can affect the security and integrity of your systems.