Filtered by vendor Centreon
Subscribe
Total
76 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13252 | 1 Centreon | 1 Centreon | 2020-05-21 | 9.0 HIGH | 8.8 HIGH |
| Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page. | |||||
| CVE-2019-19699 | 1 Centreon | 1 Centreon | 2020-04-06 | 9.0 HIGH | 7.2 HIGH |
| There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. To exploit the vulnerability, someone must have Admin access to the Centreon Web Interface and create a custom main.php?p=60803&type=3 command. The user must then set the Pollers Post-Restart Command to this previously created command via the main.php?p=60901&o=c&server_id=1 URI. This is triggered via an export of the Poller Configuration. | |||||
| CVE-2019-17647 | 1 Centreon | 1 Centreon | 2020-03-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. SQL Injection exists via the include/monitoring/status/Hosts/xml/hostXML.php instance parameter. | |||||
| CVE-2019-16406 | 1 Centreon | 1 Centreon Web | 2020-03-06 | 7.2 HIGH | 7.8 HIGH |
| Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron. | |||||
| CVE-2020-9463 | 1 Centreon | 1 Centreon | 2020-03-03 | 9.0 HIGH | 8.8 HIGH |
| Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request. | |||||
| CVE-2019-15299 | 1 Centreon | 1 Centreon Web | 2020-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication. | |||||
| CVE-2019-17501 | 1 Centreon | 1 Centreon | 2019-12-18 | 9.0 HIGH | 8.8 HIGH |
| Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen). CVE-2019-17501 and CVE-2019-16405 are similar to one another and may be the same. | |||||
| CVE-2019-15300 | 1 Centreon | 1 Centreon Web | 2019-12-09 | 6.5 MEDIUM | 8.8 HIGH |
| A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query. | |||||
| CVE-2019-16195 | 1 Centreon | 1 Centreon | 2019-12-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields. | |||||
| CVE-2019-17108 | 1 Centreon | 1 Centreon Web | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. | |||||
| CVE-2019-17105 | 1 Centreon | 1 Centreon Web | 2019-10-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| The token generator in index.php in Centreon Web before 2.8.27 is predictable. | |||||
| CVE-2018-21023 | 1 Centreon | 1 Centreon Web | 2019-10-15 | 6.5 MEDIUM | 8.8 HIGH |
| getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter. | |||||
| CVE-2018-21024 | 1 Centreon | 1 Centreon | 2019-10-15 | 7.5 HIGH | 9.8 CRITICAL |
| licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request. | |||||
| CVE-2018-21025 | 1 Centreon | 1 Centreon Vm | 2019-10-11 | 10.0 HIGH | 9.8 CRITICAL |
| In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files. | |||||
| CVE-2019-17104 | 1 Centreon | 1 Centreon Vm | 2019-10-11 | 5.0 MEDIUM | 7.5 HIGH |
| In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set. | |||||
| CVE-2018-21020 | 1 Centreon | 1 Centreon Web | 2019-10-11 | 5.0 MEDIUM | 7.5 HIGH |
| In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place. | |||||
| CVE-2019-17106 | 1 Centreon | 1 Centreon Web | 2019-10-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components. | |||||
| CVE-2018-21021 | 1 Centreon | 1 Centreon Web | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter. | |||||
| CVE-2018-21022 | 1 Centreon | 1 Centreon Web | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter. | |||||
| CVE-2019-16194 | 1 Centreon | 1 Centreon | 2019-09-25 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. | |||||