Centreon / Centreon Web

12 matches found

added 2019/11/21 6:15 p.m., 74 views

CVE-2019-16405

Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same.

CVSS 9, AI score 7.2, EPSS 0.08968

added 2019/10/08 1:15 p.m., 55 views

CVE-2019-17107

minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect.

CVSS 8.8, AI score 8.9, EPSS 0.01694

added 2019/11/21 6:15 p.m., 49 views

CVE-2019-16406

Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron.

CVSS 7.8, AI score 7.7, EPSS 0.00038

added 2019/10/08 1:15 p.m., 43 views

CVE-2019-17108

Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.

CVSS 6.1, AI score 5.8, EPSS 0.00091

added 2019/11/27 2:15 p.m., 41 views

CVE-2019-15298

A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that contains a file filing ...

CVSS 8.8, AI score 8.8, EPSS 0.08911

added 2019/10/08 1:15 p.m., 37 views

CVE-2018-21020

In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place.

CVSS 7.5, AI score 7.6, EPSS 0.00081

added 2019/10/08 1:15 p.m., 32 views

CVE-2018-21023

getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.

CVSS 8.8, AI score 8.8, EPSS 0.01728

added 2019/10/08 1:15 p.m., 32 views

CVE-2019-17106

In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components.

CVSS 6.5, AI score 6.2, EPSS 0.00134

added 2019/10/08 1:15 p.m., 30 views

CVE-2018-21021

img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter.

CVSS 8.8, AI score 8.8, EPSS 0.00264

added 2019/11/27 2:15 p.m., 29 views

CVE-2019-15300

A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query.

CVSS 8.8, AI score 8.8, EPSS 0.00281

added 2019/10/08 1:15 p.m., 26 views

CVE-2018-21022

makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter.

CVSS 8.8, AI score 8.8, EPSS 0.00264

added 2019/10/08 3:15 p.m., 24 views

CVE-2019-17105

The token generator in index.php in Centreon Web before 2.8.27 is predictable.

CVSS 5.3, AI score 5.3, EPSS 0.0006