Centreon: >> Centreon Web >> 2.8 Security Vulnerabilities
Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same.
CVSS Score
7.2
EPSS Score
0.09
Published
2019-11-21
The token generator in index.php in Centreon Web before 2.8.27 is predictable.
CVSS Score
5.3
EPSS Score
0.001
Published
2019-10-08
In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-10-08
minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect.
CVSS Score
8.8
EPSS Score
0.017
Published
2019-10-08
Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-10-08
In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place.
CVSS Score
7.5
EPSS Score
0.001
Published
2019-10-08
img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-10-08
makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-10-08
getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.
CVSS Score
8.8
EPSS Score
0.017
Published
2019-10-08
Page 2