Vulnerabilities > Centreon

DATE CVE VULNERABILITY TITLE RISK
2020-03-04 CVE-2019-17644 Forced Browsing vulnerability in Centreon
An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, and 19.10-2..
network
low complexity
centreon CWE-425
7.5
2020-03-04 CVE-2019-17643 Forced Browsing vulnerability in Centreon
An issue was discovered in Centreon before 2.8-30,18.10-8, 19.04-5, and 19.10-2.
network
low complexity
centreon CWE-425
7.5
2020-02-28 CVE-2020-9463 OS Command Injection vulnerability in Centreon 19.10
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request.
network
low complexity
centreon CWE-78
8.8
2020-02-24 CVE-2019-15299 Improper Authentication vulnerability in Centreon web
An issue was discovered in Centreon Web through 19.04.3.
network
low complexity
centreon CWE-287
8.8
2020-01-16 CVE-2019-20327 Incorrect Permission Assignment for Critical Resource vulnerability in Centreon
Insecure permissions in cwrapper_perl in Centreon Infrastructure Monitoring Software through 19.10 allow local attackers to gain privileges.
local
low complexity
centreon CWE-732
7.8
2019-11-27 CVE-2019-15300 SQL Injection vulnerability in Centreon web
A problem was found in Centreon Web through 19.04.3.
network
low complexity
centreon CWE-89
8.8
2019-11-27 CVE-2019-15298 OS Command Injection vulnerability in Centreon web
A problem was found in Centreon Web through 19.04.3.
network
low complexity
centreon CWE-78
8.8
2019-11-26 CVE-2019-16195 Cross-site Scripting vulnerability in Centreon
Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields.
network
low complexity
centreon CWE-79
6.1
2019-11-21 CVE-2019-16406 Incorrect Permission Assignment for Critical Resource vulnerability in Centreon web 19.04.4
Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron.
local
low complexity
centreon CWE-732
7.8
2019-11-21 CVE-2019-16405 Unspecified vulnerability in Centreon web
Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings.
network
low complexity
centreon
7.2