Vulnerability Details CVE-2018-11587
There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html
- https://github.com/centreon/centreon/pull/6263
- https://github.com/centreon/centreon/releases
- https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html
- https://github.com/centreon/centreon/pull/6263
- https://github.com/centreon/centreon/releases
Products affected by CVE-2018-11587
-
cpe:2.3:a:centreon:centreon:3.4.6
-
cpe:2.3:a:centreon:centreon_web:2.8.23