Vulnerabilities > Centreon
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-24 | CVE-2019-15299 | Improper Authentication vulnerability in Centreon web An issue was discovered in Centreon Web through 19.04.3. | 8.8 |
| 2020-01-16 | CVE-2019-20327 | Incorrect Permission Assignment for Critical Resource vulnerability in Centreon Insecure permissions in cwrapper_perl in Centreon Infrastructure Monitoring Software through 19.10 allow local attackers to gain privileges. | 7.8 |
| 2019-11-27 | CVE-2019-15300 | SQL Injection vulnerability in Centreon web A problem was found in Centreon Web through 19.04.3. | 8.8 |
| 2019-11-27 | CVE-2019-15298 | OS Command Injection vulnerability in Centreon web A problem was found in Centreon Web through 19.04.3. | 8.8 |
| 2019-11-26 | CVE-2019-16195 | Cross-site Scripting vulnerability in Centreon Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields. | 6.1 |
| 2019-11-21 | CVE-2019-16406 | Incorrect Permission Assignment for Critical Resource vulnerability in Centreon web 19.04.4 Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron. | 7.8 |
| 2019-11-21 | CVE-2019-16405 | Unspecified vulnerability in Centreon web Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. | 7.2 |
| 2019-10-14 | CVE-2019-17501 | OS Command Injection vulnerability in Centreon 19.04.0 Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen). | 8.8 |
| 2019-10-08 | CVE-2019-17105 | Use of Insufficiently Random Values vulnerability in Centreon web The token generator in index.php in Centreon Web before 2.8.27 is predictable. | 5.3 |
| 2019-10-08 | CVE-2018-21024 | Unrestricted Upload of File with Dangerous Type vulnerability in Centreon licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request. | 9.8 |