The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Centreon

computer vulnerability note CVE-2019-13024

Centreon: code execution via nagios_bin

Synthesis of the vulnerability

An attacker can use a vulnerability via nagios_bin of Centreon, in order to run code.
Impacted products: Centreon.
Severity: 1/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 02/07/2019.
Identifiers: CVE-2019-13024, VIGILANCE-VUL-29669.

Description of the vulnerability

An attacker can use a vulnerability via nagios_bin of Centreon, in order to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert 29451

Centreon Web: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Centreon Web.
Impacted products: Centreon.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 03/06/2019.
Identifiers: VIGILANCE-VUL-29451.

Description of the vulnerability

An attacker can use several vulnerabilities of Centreon Web.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-19312

Centreon: SQL injection via searchVM

Synthesis of the vulnerability

An attacker can use a SQL injection of Centreon, in order to read or alter data.
Impacted products: Centreon.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user account.
Creation date: 19/11/2018.
Identifiers: CVE-2018-19312, VIGILANCE-VUL-27821.

Description of the vulnerability

An attacker can use a SQL injection of Centreon, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-19311

Centreon: Cross Site Scripting via Service

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Centreon, in order to run JavaScript code in the context of the web site.
Impacted products: Centreon.
Severity: 1/4.
Consequences: client access/rights.
Provenance: user account.
Creation date: 19/11/2018.
Identifiers: CVE-2018-19311, VIGILANCE-VUL-27820.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting of Centreon, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-19281

Centreon: SQL injection via SNMP trap

Synthesis of the vulnerability

An attacker can use a SQL injection via SNMP trap of Centreon, in order to read or alter data.
Impacted products: Centreon.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 15/11/2018.
Identifiers: CVE-2018-19281, VIGILANCE-VUL-27798.

Description of the vulnerability

The Centreon product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection via SNMP trap of Centreon, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-19280

Centreon: Cross Site Scripting via Adding Poller Macros

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Adding Poller Macros of Centreon, in order to run JavaScript code in the context of the web site.
Impacted products: Centreon.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 15/11/2018.
Identifiers: CVE-2018-19280, VIGILANCE-VUL-27797.

Description of the vulnerability

The Centreon product offers a web service.

However, it does not filter received data via Adding Poller Macros before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Adding Poller Macros of Centreon, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-19271

Centreon: SQL injection via searchH

Synthesis of the vulnerability

An attacker can use a SQL injection via searchH of Centreon, in order to read or alter data.
Impacted products: Centreon.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 15/11/2018.
Identifiers: CVE-2018-19271, VIGILANCE-VUL-27796.

Description of the vulnerability

The Centreon product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection via searchH of Centreon, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability 27615

Centreon Web: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Centreon Web.
Impacted products: Centreon.
Severity: 2/4.
Consequences: client access/rights, data reading, denial of service on service.
Provenance: internet client.
Creation date: 25/10/2018.
Identifiers: VIGILANCE-VUL-27615.

Description of the vulnerability

An attacker can use several vulnerabilities of Centreon Web.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert 27031

Centreon Web: SQL injection via Metrics RPN

Synthesis of the vulnerability

An attacker can use a SQL injection via Metrics RPN of Centreon Web, in order to read or alter data.
Impacted products: Centreon.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 16/08/2018.
Identifiers: VIGILANCE-VUL-27031.

Description of the vulnerability

The Centreon Web product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection via Metrics RPN of Centreon Web, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-11587 CVE-2018-11588 CVE-2018-11589

Centreon Web: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Centreon Web.
Impacted products: Centreon.
Severity: 3/4.
Consequences: user access/rights, client access/rights, data reading, data creation/edition, data deletion.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 26/06/2018.
Identifiers: CVE-2018-11587, CVE-2018-11588, CVE-2018-11589, VIGILANCE-VUL-26538.

Description of the vulnerability

An attacker can use several vulnerabilities of Centreon Web.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Centreon: