Vulnerabilities > Centreon

DATE CVE VULNERABILITY TITLE RISK
2019-10-14 CVE-2019-17501 OS Command Injection vulnerability in Centreon 19.04.0
Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen).
network
low complexity
centreon CWE-78
8.8
2019-10-08 CVE-2019-17105 Use of Insufficiently Random Values vulnerability in Centreon web
The token generator in index.php in Centreon Web before 2.8.27 is predictable.
network
low complexity
centreon CWE-330
5.3
2019-10-08 CVE-2018-21024 Unrestricted Upload of File with Dangerous Type vulnerability in Centreon
licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request.
network
low complexity
centreon CWE-434
critical
9.8
2019-10-08 CVE-2019-17108 Cross-site Scripting vulnerability in Centreon web
Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.
network
low complexity
centreon CWE-79
6.1
2019-10-08 CVE-2019-17107 OS Command Injection vulnerability in Centreon web
minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter.
network
low complexity
centreon CWE-78
8.8
2019-10-08 CVE-2019-17106 Cleartext Storage of Sensitive Information vulnerability in Centreon web
In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components.
network
low complexity
centreon CWE-312
6.5
2019-10-08 CVE-2019-17104 Reliance on Cookies without Validation and Integrity Checking vulnerability in Centreon VM 19.04.2/19.04.3
In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set.
network
low complexity
centreon CWE-565
7.5
2019-10-08 CVE-2018-21025 Improper Privilege Management vulnerability in Centreon VM 19.04.2/19.04.3
In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files.
network
low complexity
centreon CWE-269
critical
9.8
2019-10-08 CVE-2018-21023 Code Injection vulnerability in Centreon web
getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.
network
low complexity
centreon CWE-94
8.8
2019-10-08 CVE-2018-21022 SQL Injection vulnerability in Centreon web
makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter.
network
low complexity
centreon CWE-89
8.8