====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN094
_____________________________________________________________________

DATE                : 25/02/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Nagios versions prior to 5.6.10.

=====================================================================
https://www.nagios.com/downloads/nagios-xi/change-log/
_____________________________________________________________________

5.6.10 - 01/16/2020

    Fixed RCE vulnerability with apache user code execution in Scheduled
     Reporting component (CVE-2019-20197) -JO
    Fixed XSS vulnerability in Scheduled Reporting component and
     nocscreen (nocscreen can be upgraded from
     Admin > Manage Components) (CVE-2019-20139) -JO
    Fixed login redirection to remove double slashes as part of
     redirection security parsing -JO

        Core Config Manager (CCM) - 3.0.5

    Fixed several issues with importing service dependencies
          [TPS#14737] -SAW

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================