{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2012-10063","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2025-10-28T20:51:25.373Z","datePublished":"2025-10-30T21:31:21.797Z","dateUpdated":"2025-11-24T20:28:50.030Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","modules":["Legacy Core Configuration Manager (CCM)"],"product":"XI","vendor":"Nagios","versions":[{"lessThan":"2012R1.3","status":"affected","version":"0","versionType":"custom"}]}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nagios:nagios_xi:2012:*:*:*:*:*:*:*","versionEndExcluding":"r1.3"}]}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Nagios XI versions prior to&nbsp;2012R1.3 contain&nbsp;a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could manipulate SQL queries by supplying crafted input to specific CCM parameters, potentially allowing access to configuration data stored in the application database.&nbsp;Successful exploitation could disclose or modify notification data and, in some cases, impact the application database more broadly.<br>"}],"value":"Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could manipulate SQL queries by supplying crafted input to specific CCM parameters, potentially allowing access to configuration data stored in the application database. Successful exploitation could disclose or modify notification data and, in some cases, impact the application database more broadly."}],"impacts":[{"capecId":"CAPEC-66","descriptions":[{"lang":"en","value":"CAPEC-66 SQL Injection"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8.7,"baseSeverity":"HIGH","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-89","description":"CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2025-11-17T18:21:37.182Z"},"references":[{"tags":["release-notes","patch"],"url":"https://www.nagios.com/changelog/nagios-xi/"},{"tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/nagios-xi-authenticated-sqli-in-legacy-ccm"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Nagios addresses this vulnerability as \"Fixed potential SQL injection vulnerability in legacy CCM for authenticated users.\"<br>"}],"value":"Nagios addresses this vulnerability as \"Fixed potential SQL injection vulnerability in legacy CCM for authenticated users.\""}],"source":{"discovery":"UNKNOWN"},"title":"Nagios XI < 2012R1.3 Authenticated SQL Injection in Legacy CCM","x_generator":{"engine":"vulncheck"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-11-24T20:28:45.405708Z","id":"CVE-2012-10063","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-11-24T20:28:50.030Z"}}]}}