Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Centreon_web
(Centreon)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 34 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-11-21 | CVE-2019-16406 | Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron. | Centreon_web | N/A | ||
| 2020-02-24 | CVE-2019-15299 | An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication. | Centreon_web | N/A | ||
| 2019-11-27 | CVE-2019-15298 | A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that contains a file filing form. At the time of submission of a file, the mnftr parameter is sent to the page and is not filtered properly. This allows one to inject Linux commands directly. | Centreon_web | N/A | ||
| 2019-11-27 | CVE-2019-15300 | A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query. | Centreon_web | N/A | ||
| 2019-10-08 | CVE-2019-17108 | Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. | Centreon_web | N/A | ||
| 2019-10-08 | CVE-2019-17105 | The token generator in index.php in Centreon Web before 2.8.27 is predictable. | Centreon_web | N/A | ||
| 2019-10-08 | CVE-2018-21023 | getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter. | Centreon_web | N/A | ||
| 2019-10-08 | CVE-2018-21020 | In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place. | Centreon_web | N/A | ||
| 2019-10-08 | CVE-2019-17106 | In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components. | Centreon_web | N/A | ||
| 2019-10-08 | CVE-2018-21022 | makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter. | Centreon_web | N/A |