Centreon: >> Centreon >> 18.10.3 Security Vulnerabilities
An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, and 19.10-2.. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/host/refreshMacroAjax.php.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-03-04
Insecure permissions in cwrapper_perl in Centreon Infrastructure Monitoring Software through 19.10 allow local attackers to gain privileges. (cwrapper_perl is a setuid executable allowing execution of Perl scripts with root privileges.)
CVSS Score
7.8
EPSS Score
0.001
Published
2020-01-16
Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-11-26
SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2019-09-25
Page 3