Vulnerabilities > Centreon
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-28 | CVE-2020-9463 | OS Command Injection vulnerability in Centreon 19.10 Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request. | 9.0 |
| 2020-02-24 | CVE-2019-15299 | Improper Authentication vulnerability in Centreon web An issue was discovered in Centreon Web through 19.04.3. | 6.5 |
| 2020-01-16 | CVE-2019-20327 | Improper Privilege Management vulnerability in Centreon Insecure permissions in cwrapper_perl in Centreon Infrastructure Monitoring Software through 19.10 allow local attackers to gain privileges. | 7.2 |
| 2019-11-27 | CVE-2019-15300 | SQL Injection vulnerability in Centreon web A problem was found in Centreon Web through 19.04.3. | 6.5 |
| 2019-11-27 | CVE-2019-15298 | OS Command Injection vulnerability in Centreon web A problem was found in Centreon Web through 19.04.3. | 6.5 |
| 2019-11-26 | CVE-2019-16195 | Cross-site Scripting vulnerability in Centreon Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields. | 4.3 |
| 2019-11-21 | CVE-2019-16406 | Incorrect Permission Assignment for Critical Resource vulnerability in Centreon web 19.04.4 Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron. | 7.2 |
| 2019-11-21 | CVE-2019-16405 | Unspecified vulnerability in Centreon web Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. | 9.0 |
| 2019-10-14 | CVE-2019-17501 | OS Command Injection vulnerability in Centreon 19.04.0 Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen). | 9.0 |
| 2019-10-08 | CVE-2019-17105 | Use of Insufficiently Random Values vulnerability in Centreon web The token generator in index.php in Centreon Web before 2.8.27 is predictable. | 5.0 |