
Cloud Vulnerability DB
A community-led vulnerabilities database
Nagios XI versions before 5.8.5 contained a critical SQL injection vulnerability (CVE-2021-37350) in the Bulk Modifications Tool. The vulnerability was discovered and disclosed in September 2021 and affects the core functionality of Nagios XI, a proprietary web-based network monitoring platform (Hacker News).
The vulnerability has been assigned a CVSS score of 9.8, indicating critical severity. The SQL injection exists in the Bulk Modifications Tool component of Nagios XI and is caused by improper input sanitization, which could allow attackers to execute arbitrary SQL commands against the underlying database (Hacker News).
Because Nagios XI oversees core servers, devices, and other critical components in enterprise networks, successful exploitation of this vulnerability could allow attackers to gain unauthorized access to sensitive data, manipulate database contents, and potentially compromise the entire monitoring infrastructure (Hacker News).
The vulnerability has been patched in Nagios XI version 5.8.5. Organizations using affected versions should immediately upgrade to version 5.8.5 or later to mitigate the risk (Hacker News).
Source: This report was generated using AI