The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Centreon

computer vulnerability note CVE-2019-13024

Centreon: code execution via nagios_bin

Synthesis of the vulnerability

An attacker can use a vulnerability via nagios_bin of Centreon, in order to run code.
Impacted products: Centreon.
Severity: 1/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 02/07/2019.
Identifiers: CVE-2019-13024, VIGILANCE-VUL-29669.

Description of the vulnerability

An attacker can use a vulnerability via nagios_bin of Centreon, in order to run code.

vulnerability alert CVE-2018-19312

Centreon: SQL injection via searchVM

Synthesis of the vulnerability

An attacker can use a SQL injection of Centreon, in order to read or alter data.
Impacted products: Centreon.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user account.
Creation date: 19/11/2018.
Identifiers: CVE-2018-19312, VIGILANCE-VUL-27821.

Description of the vulnerability

An attacker can use a SQL injection of Centreon, in order to read or alter data.

vulnerability CVE-2018-19311

Centreon: Cross Site Scripting via Service

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Centreon, in order to run JavaScript code in the context of the web site.
Impacted products: Centreon.
Severity: 1/4.
Consequences: client access/rights.
Provenance: user account.
Creation date: 19/11/2018.
Identifiers: CVE-2018-19311, VIGILANCE-VUL-27820.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting of Centreon, in order to run JavaScript code in the context of the web site.

computer vulnerability bulletin CVE-2018-19281

Centreon: SQL injection via SNMP trap

Synthesis of the vulnerability

An attacker can use a SQL injection via SNMP trap of Centreon, in order to read or alter data.
Impacted products: Centreon.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 15/11/2018.
Identifiers: CVE-2018-19281, VIGILANCE-VUL-27798.

Description of the vulnerability

The Centreon product uses a database.

However, user-supplied data is inserted directly into an SQL query.

An attacker can therefore use a SQL injection via SNMP trap of Centreon, in order to read or alter data.

computer vulnerability announce CVE-2018-19280

Centreon: Cross Site Scripting via Adding Poller Macros

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Adding Poller Macros of Centreon, in order to run JavaScript code in the context of the web site.
Impacted products: Centreon.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 15/11/2018.
Identifiers: CVE-2018-19280, VIGILANCE-VUL-27797.

Description of the vulnerability

The Centreon product offers a web service.

However, it does not filter data received via Adding Poller Macros before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Adding Poller Macros of Centreon, in order to run JavaScript code in the context of the web site.

computer vulnerability alert CVE-2018-19271

Centreon: SQL injection via searchH

Synthesis of the vulnerability

An attacker can use a SQL injection via searchH of Centreon, in order to read or alter data.
Impacted products: Centreon.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 15/11/2018.
Identifiers: CVE-2018-19271, VIGILANCE-VUL-27796.

Description of the vulnerability

The Centreon product uses a database.

However, user-supplied data is inserted directly into an SQL query.

An attacker can therefore use a SQL injection via searchH of Centreon, in order to read or alter data.

computer vulnerability 27615

Centreon Web: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Centreon Web.
Impacted products: Centreon.
Severity: 2/4.
Consequences: client access/rights, data reading, denial of service on service.
Provenance: internet client.
Creation date: 25/10/2018.
Identifiers: VIGILANCE-VUL-27615.

Description of the vulnerability

An attacker can use several vulnerabilities of Centreon Web.

vulnerability alert 27031

Centreon Web: SQL injection via Metrics RPN

Synthesis of the vulnerability

An attacker can use a SQL injection via Metrics RPN of Centreon Web, in order to read or alter data.
Impacted products: Centreon.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 16/08/2018.
Identifiers: VIGILANCE-VUL-27031.

Description of the vulnerability

The Centreon Web product uses a database.

However, user-supplied data is inserted directly into an SQL query.

An attacker can therefore use a SQL injection via Metrics RPN of Centreon Web, in order to read or alter data.

computer vulnerability bulletin CVE-2018-11587 CVE-2018-11588 CVE-2018-11589

Centreon Web: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Centreon Web.
Impacted products: Centreon.
Severity: 3/4.
Consequences: user access/rights, client access/rights, data reading, data creation/edition, data deletion.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 26/06/2018.
Identifiers: CVE-2018-11587, CVE-2018-11588, CVE-2018-11589, VIGILANCE-VUL-26538.

Description of the vulnerability

An attacker can use several vulnerabilities of Centreon Web.

computer vulnerability alert 17996

Centreon: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Centreon.
Impacted products: Centreon.
Severity: 3/4.
Consequences: user access/rights, client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 29/09/2015.
Identifiers: VIGILANCE-VUL-17996, ZSL-2015-5263, ZSL-2015-5264, ZSL-2015-5265, ZSL-2015-5266.

Description of the vulnerability

Several vulnerabilities were announced in Centreon.

An attacker can trigger a Cross Site Request Forgery in Centreon, in order to force the victim to perform operations. [severity:2/4; ZSL-2015-5263]

An attacker can upload a malicious file via Centreon, for example a Trojan. [severity:3/4; ZSL-2015-5264]

An attacker can inject shell commands, in order to run code. [severity:3/4; ZSL-2015-5265]

An attacker can trigger a Cross Site Scripting in Centreon via img_comment, in order to run JavaScript code in the context of the web site. [severity:2/4; ZSL-2015-5266]