Notice: Spring4Shell Vulnerability – Nagios does not use the Java Spring framework

Security Disclosures

Reporting Security Vulnerabilities

At Nagios, we make security a priority. We strive to patch any security issues in a timely manner. We highly recommend using the latest versions available of our software. The latest versions will include security fixes that remediate the vulnerabilites shown below.

Please send security vulnerabilities found in any of the Nagios commercial products and security related emails to security@nagios.com. All non-security related bug reports should be given through a Support Ticket or through a post on the Support Forum.

Disclosed Vulnerabilities

Below is a listing of CVEs for patched security vulnerabilities that have been disclosed for Nagios products. Product version below does not mean that the security issue is only in that product version. Upgrade to the latest version to ensure all known vulnerabilities are patched. Scroll down to see all products.

XI 2024R1.3

XI 2024R1.2

XI 2024R1

XI 5.11

XI 5.9

XI 5.8

XI 5.7

XI 5.6

XI 5.5

XI 5.4

Log Server 2024R1

Log Server 2

Network Analyzer 2024R1

Network Analyzer 2

Fusion 4.2.0

Fusion 4

Core 4

NCPA 2