Vulnerabilities > Centreon > Centreon WEB > 2.8.23
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-24 | CVE-2019-15299 | Improper Authentication vulnerability in Centreon web An issue was discovered in Centreon Web through 19.04.3. | 6.5 |
| 2019-11-27 | CVE-2019-15300 | SQL Injection vulnerability in Centreon web A problem was found in Centreon Web through 19.04.3. | 6.5 |
| 2019-11-27 | CVE-2019-15298 | OS Command Injection vulnerability in Centreon web A problem was found in Centreon Web through 19.04.3. | 6.5 |
| 2019-11-21 | CVE-2019-16405 | Unspecified vulnerability in Centreon web Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. | 9.0 |
| 2019-10-08 | CVE-2019-17105 | Use of Insufficiently Random Values vulnerability in Centreon web The token generator in index.php in Centreon Web before 2.8.27 is predictable. | 5.0 |
| 2019-10-08 | CVE-2019-17108 | Cross-site Scripting vulnerability in Centreon web Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. | 4.3 |
| 2019-10-08 | CVE-2019-17107 | Code Injection vulnerability in Centreon web minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. | 6.5 |
| 2019-10-08 | CVE-2019-17106 | Cleartext Storage of Sensitive Information vulnerability in Centreon web In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components. | 4.0 |
| 2019-10-08 | CVE-2018-21023 | Code Injection vulnerability in Centreon web getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter. | 6.5 |
| 2019-10-08 | CVE-2018-21022 | SQL Injection vulnerability in Centreon web makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter. | 6.5 |