Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Centreon BAM by Centreon

    CVE-2025-3767 (GCVE-0-2025-3767)

    Vulnerability from nvd – Published: 2025-04-22 15:16 – Updated: 2025-04-22 16:09
    VLAI
    Title
    SQL Injection in Centreon BAM boolean KPI listing
    Summary
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon BAM (Boolean KPi Listing modules) allows SQL Injection. This page is only accessible to authenticated users with high privileges. This issue affects Centreon BAM: from 24.10 before 24.10.1, from 24.04 before 24.04.5, from 23.10 before 23.10.10, from 23.04 before 23.04.10.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Centreon Centreon BAM Affected: 24.10 , < 24.10.1 (semver)
    Affected: 24.04 , < 24.04.5 (semver)
    Affected: 23.10 , < 23.10.10 (semver)
    Affected: 23.04 , < 23.04.10 (semver)
    Create a notification for this product.
    Credits
    Matthew Taylor, Ludovic Tavernier and Remi Millerand from Algosecure
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3767",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-22T16:03:03.920840Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T16:03:14.184Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Boolean KPI listing"
              ],
              "packageName": "centreon-bam",
              "product": "Centreon BAM",
              "vendor": "Centreon",
              "versions": [
                {
                  "lessThan": "24.10.1",
                  "status": "affected",
                  "version": "24.10",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.04.5",
                  "status": "affected",
                  "version": "24.04",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.10.10",
                  "status": "affected",
                  "version": "23.10",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.04.10",
                  "status": "affected",
                  "version": "23.04",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Matthew Taylor, Ludovic Tavernier and Remi Millerand from Algosecure"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Centreon BAM (Boolean KPi Listing modules) allows SQL Injection.\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis page is only accessible to authenticated users with high privileges.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Centreon BAM: from 24.10 before 24.10.1, from 24.04 before 24.04.5, from 23.10 before 23.10.10, from 23.04 before 23.04.10.\u003c/span\u003e"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Centreon BAM (Boolean KPi Listing modules) allows SQL Injection.\n\n\nThis page is only accessible to authenticated users with high privileges.\n\nThis issue affects Centreon BAM: from 24.10 before 24.10.1, from 24.04 before 24.04.5, from 23.10 before 23.10.10, from 23.04 before 23.04.10."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-22T16:09:54.998Z",
            "orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
            "shortName": "Centreon"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-46924-cve-2025-3767-centreon-bam-high-severity-4459"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/centreon/centreon/releases"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "SQL Injection in Centreon BAM boolean KPI listing",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
        "assignerShortName": "Centreon",
        "cveId": "CVE-2025-3767",
        "datePublished": "2025-04-22T15:16:24.312Z",
        "dateReserved": "2025-04-17T14:36:19.597Z",
        "dateUpdated": "2025-04-22T16:09:54.998Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3767 (GCVE-0-2025-3767)

    Vulnerability from cvelistv5 – Published: 2025-04-22 15:16 – Updated: 2025-04-22 16:09
    VLAI
    Title
    SQL Injection in Centreon BAM boolean KPI listing
    Summary
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon BAM (Boolean KPi Listing modules) allows SQL Injection. This page is only accessible to authenticated users with high privileges. This issue affects Centreon BAM: from 24.10 before 24.10.1, from 24.04 before 24.04.5, from 23.10 before 23.10.10, from 23.04 before 23.04.10.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Centreon Centreon BAM Affected: 24.10 , < 24.10.1 (semver)
    Affected: 24.04 , < 24.04.5 (semver)
    Affected: 23.10 , < 23.10.10 (semver)
    Affected: 23.04 , < 23.04.10 (semver)
    Create a notification for this product.
    Credits
    Matthew Taylor, Ludovic Tavernier and Remi Millerand from Algosecure
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3767",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-22T16:03:03.920840Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T16:03:14.184Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Boolean KPI listing"
              ],
              "packageName": "centreon-bam",
              "product": "Centreon BAM",
              "vendor": "Centreon",
              "versions": [
                {
                  "lessThan": "24.10.1",
                  "status": "affected",
                  "version": "24.10",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.04.5",
                  "status": "affected",
                  "version": "24.04",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.10.10",
                  "status": "affected",
                  "version": "23.10",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.04.10",
                  "status": "affected",
                  "version": "23.04",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Matthew Taylor, Ludovic Tavernier and Remi Millerand from Algosecure"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Centreon BAM (Boolean KPi Listing modules) allows SQL Injection.\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis page is only accessible to authenticated users with high privileges.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Centreon BAM: from 24.10 before 24.10.1, from 24.04 before 24.04.5, from 23.10 before 23.10.10, from 23.04 before 23.04.10.\u003c/span\u003e"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Centreon BAM (Boolean KPi Listing modules) allows SQL Injection.\n\n\nThis page is only accessible to authenticated users with high privileges.\n\nThis issue affects Centreon BAM: from 24.10 before 24.10.1, from 24.04 before 24.04.5, from 23.10 before 23.10.10, from 23.04 before 23.04.10."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-22T16:09:54.998Z",
            "orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
            "shortName": "Centreon"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-46924-cve-2025-3767-centreon-bam-high-severity-4459"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/centreon/centreon/releases"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "SQL Injection in Centreon BAM boolean KPI listing",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
        "assignerShortName": "Centreon",
        "cveId": "CVE-2025-3767",
        "datePublished": "2025-04-22T15:16:24.312Z",
        "dateReserved": "2025-04-17T14:36:19.597Z",
        "dateUpdated": "2025-04-22T16:09:54.998Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }