Primary

Context

Nagios XI Session Management Vulnerability After Password Change

Vulnerability

A vulnerability exists in Nagios XI versions prior to 2024R1.1.3, where changing a user's password does not invalidate all active sessions. This flaw allows pre-existing sessions, including those potentially compromised, to remain active after a password update. Consequently, unauthorized access to user data and actions could continue even after a password change.

Impact

This vulnerability could lead to unauthorized access to user data and actions, allowing continued exploitation of the user's session after a password change.

Remediation

Users can upgrade to Nagios XI version 2024R1.1.3 or later, where this issue has been addressed.

Added: Oct 30, 2025, 10:55 PM

Updated: Oct 30, 2025, 10:55 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

1.3

exploitability

6.2

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

1.3

exploitability

6.2

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Nagios XI Session Management Vulnerability After Password Change

Vulnerability

Impact

Remediation

Affected Products

Nagios XI

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating