Skip to main content

Pandora Fms CVE-2023-41786

MEDIUM
Information Exposure (CWE-200)
2023-11-23 security@pandorafms.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 23, 2023 - 15:15 nvd
MEDIUM 6.5

DescriptionNVD

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 through 772.

AnalysisAI

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. Affected products include: Artica Pandora Fms. Version information: through 772..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2024-12971 HIGH POC
8.6 Mar 17

Pandora FMS monitoring platform versions 700 through 777.6 contain a command injection vulnerability that allows OS comm

CVE-2025-5306 CRITICAL POC
9.8 Jun 27

Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue af

CVE-2025-34088 HIGH POC
8.6 Jul 03

An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php

CVE-2020-13851 HIGH POC
8.8 Jun 11

Artica Pandora FMS 7.44 allows remote command execution via the events feature. Rated high severity (CVSS 8.8), this vul

CVE-2024-11320 MEDIUM POC
6.9 Nov 21

Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication me

CVE-2021-34074 CRITICAL POC
9.8 Jun 25

PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. Rated criti

CVE-2021-32099 CRITICAL POC
9.8 May 07

A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attac

CVE-2021-32098 CRITICAL POC
9.8 May 07

Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization. Rated critical severity (CVSS 9

CVE-2020-26518 CRITICAL POC
9.8 Oct 02

Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/

CVE-2020-13854 CRITICAL POC
9.8 Jun 11

Artica Pandora FMS 7.44 allows privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely

CVE-2020-11749 CRITICAL POC
9.0 Jul 13

Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. Rated critical severity

CVE-2020-13850 HIGH POC
7.5 Jun 11

Artica Pandora FMS 7.44 has inadequate access controls on a web folder. Rated high severity (CVSS 7.5), this vulnerabili

Share

CVE-2023-41786 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy