Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
80 vulnerabilities found for web by Centreon
CVE-2026-2750 (GCVE-0-2026-2750)
Vulnerability from nvd – Published: 2026-02-27 14:58 – Updated: 2026-03-06 15:32
VLAI?
Title
Command Injection via CLAPI generatetraps
Summary
Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10; 24.10;24.04.
Severity ?
9.1 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Centreon | Centreon Open Tickets on Central Server |
Affected:
all , < 25.10; 24.10;24.04
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2750",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-27T17:30:13.395874Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T15:32:35.310Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://downlad.centreon.com",
"defaultStatus": "unaffected",
"modules": [
"Centreon Open Tickets"
],
"platforms": [
"Linux"
],
"product": "Centreon Open Tickets on Central Server",
"vendor": "Centreon",
"versions": [
{
"lessThan": "25.10; 24.10;24.04",
"status": "affected",
"version": "all",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Texugo from Haka\u00ef Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules).\u003cp\u003eThis issue affects Centreon Open Tickets on Central Server: from all before 25.10; 24.10;24.04.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10; 24.10;24.04."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T14:58:29.021Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2750-centreon-web-critical-severity-5503"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection via CLAPI generatetraps",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2026-2750",
"datePublished": "2026-02-27T14:58:29.021Z",
"dateReserved": "2026-02-19T14:25:18.453Z",
"dateUpdated": "2026-03-06T15:32:35.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6791 (GCVE-0-2025-6791)
Vulnerability from nvd – Published: 2025-08-22 18:56 – Updated: 2025-09-16 19:27
VLAI?
Title
Second order SQL injection available to user with low privilege
Summary
In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon web (Monitoring event logs modules) allows SQL Injection.This issue affects web: 24.10.0, 24.04.0, 23.10.0.
Severity ?
8.8 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6791",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-22T20:11:47.445230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T20:12:00.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Monitoring event logs"
],
"product": "web",
"vendor": "Centreon",
"versions": [
{
"lessThan": "24.10.9",
"status": "affected",
"version": "24.10.0",
"versionType": "custom"
},
{
"lessThan": "24.04.16",
"status": "affected",
"version": "24.04.0",
"versionType": "custom"
},
{
"lessThan": "23.10.26",
"status": "affected",
"version": "23.10.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SpawnZii by YesWeHack"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Centreon web (Monitoring event logs modules) allows SQL Injection.\u003cp\u003eThis issue affects web: 24.10.0, 24.04.0, 23.10.0.\u003c/p\u003e"
}
],
"value": "In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Centreon web (Monitoring event logs modules) allows SQL Injection.This issue affects web: 24.10.0, 24.04.0, 23.10.0."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T19:27:33.378Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://github.com/centreon/centreon/releases"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-6791-centreon-web-all-versions-high-severity-4900"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Second order SQL injection available to user with low privilege",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-6791",
"datePublished": "2025-08-22T18:56:28.027Z",
"dateReserved": "2025-06-27T14:34:22.260Z",
"dateUpdated": "2025-09-16T19:27:33.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4650 (GCVE-0-2025-4650)
Vulnerability from nvd – Published: 2025-08-22 18:50 – Updated: 2025-08-22 19:01
VLAI?
Title
User with high privileges is able to introduce a SQLi using the Meta Service indicator page
Summary
User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.
Severity ?
7.2 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4650",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-22T19:01:00.491601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T19:01:11.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Meta service indicator page"
],
"product": "web",
"vendor": "Centreon",
"versions": [
{
"lessThan": "24.10.9",
"status": "affected",
"version": "24.10.0",
"versionType": "semver"
},
{
"lessThan": "24.04.16",
"status": "affected",
"version": "24.04.0",
"versionType": "semver"
},
{
"lessThan": "23.10.26",
"status": "affected",
"version": "23.10.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SpawnZii for YesWeHack"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.\u003cp\u003eThis issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.\u003c/p\u003e"
}
],
"value": "User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T18:56:49.007Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://github.com/centreon/centreon/releases"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-4650-centreon-web-all-versions-high-severity-4901"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "User with high privileges is able to introduce a SQLi using the Meta Service indicator page",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-4650",
"datePublished": "2025-08-22T18:50:42.034Z",
"dateReserved": "2025-05-13T11:40:55.019Z",
"dateUpdated": "2025-08-22T19:01:11.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4649 (GCVE-0-2025-4649)
Vulnerability from nvd – Published: 2025-05-13 11:40 – Updated: 2025-10-15 13:05
VLAI?
Title
ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs.
Summary
Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation.
ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs.
This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.
Severity ?
4.9 (Medium)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Date Public ?
2025-02-10 10:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4649",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:04:27.568609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:04:49.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "web",
"vendor": "Centreon",
"versions": [
{
"lessThan": "24.10.4",
"status": "affected",
"version": "24.10.3",
"versionType": "semver"
},
{
"lessThan": "24.04.10",
"status": "affected",
"version": "24.04.09",
"versionType": "semver"
},
{
"lessThan": "23.10.21",
"status": "affected",
"version": "23.10.19",
"versionType": "semver"
},
{
"lessThan": "23.04.26",
"status": "affected",
"version": "23.04.24",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Benoit Poulet"
}
],
"datePublic": "2025-02-10T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation.\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eACL are not correctly taken into account in the display of the \"event logs\" page. This page requiring, high privileges, will display all available logs.\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.\u003c/p\u003e"
}
],
"value": "Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation.\n\n\n\nACL are not correctly taken into account in the display of the \"event logs\" page. This page requiring, high privileges, will display all available logs.\nThis issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T13:05:23.113Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/centreon-web-medium-severity-4349"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/centreon/centreon/releases"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ACL are not correctly taken into account in the display of the \"event logs\" page. This page requiring, high privileges, will display all available logs.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-4649",
"datePublished": "2025-05-13T11:40:23.198Z",
"dateReserved": "2025-05-13T09:47:58.210Z",
"dateUpdated": "2025-10-15T13:05:23.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4648 (GCVE-0-2025-4648)
Vulnerability from nvd – Published: 2025-05-13 09:45 – Updated: 2025-10-08 10:07
VLAI?
Title
A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request.
Summary
The content of a SVG file, received as input
in Centreon web, was not properly checked. Allows Reflected XSS.
A user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request.
This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.
Severity ?
8.4 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
Date Public ?
2025-03-12 10:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4648",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:08:07.876396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:08:24.187Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "web",
"vendor": "Centreon",
"versions": [
{
"lessThan": "24.10.5",
"status": "affected",
"version": "24.10.0",
"versionType": "semver"
},
{
"lessThan": "24.04.11",
"status": "affected",
"version": "24.04.0",
"versionType": "semver"
},
{
"lessThan": "23.10.22",
"status": "affected",
"version": "23.10.0",
"versionType": "semver"
},
{
"lessThan": "23.04.27",
"status": "affected",
"version": "23.04.0",
"versionType": "semver"
},
{
"lessThan": "22.10.29",
"status": "affected",
"version": "22.10.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SpawnZii working with YesWeHack"
}
],
"datePublic": "2025-03-12T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The content of a SVG file, received as input \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ein Centreon web\u003c/span\u003e, was not properly checked. Allows Reflected XSS.\u003cbr\u003eA user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request.\u003cbr\u003e\u003cp\u003eThis issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.\u003c/p\u003e"
}
],
"value": "The content of a SVG file, received as input \n\nin Centreon web, was not properly checked. Allows Reflected XSS.\nA user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request.\nThis issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T10:07:58.081Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55575-centreon-web-high-severity-4434"
},
{
"url": "https://github.com/centreon/centreon/releases"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-4648",
"datePublished": "2025-05-13T09:45:41.519Z",
"dateReserved": "2025-05-13T09:32:38.704Z",
"dateUpdated": "2025-10-08T10:07:58.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4647 (GCVE-0-2025-4647)
Vulnerability from nvd – Published: 2025-05-13 09:31 – Updated: 2025-05-13 13:08
VLAI?
Title
A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS.
A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG.
This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.
Severity ?
8.4 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Date Public ?
2025-03-12 10:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4647",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:08:16.035524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:08:24.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "web",
"vendor": "Centreon",
"versions": [
{
"lessThan": "24.10.5",
"status": "affected",
"version": "24.10.0",
"versionType": "semver"
},
{
"lessThan": "24.04.11",
"status": "affected",
"version": "24.04.0",
"versionType": "semver"
},
{
"lessThan": "23.10.22",
"status": "affected",
"version": "23.10.0",
"versionType": "semver"
},
{
"lessThan": "23.04.27",
"status": "affected",
"version": "23.04.0",
"versionType": "semver"
},
{
"lessThan": "22.10.29",
"status": "affected",
"version": "22.10.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SpawnZii working with YesWeHack"
}
],
"datePublic": "2025-03-12T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Centreon web allows Reflected XSS.\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Centreon web allows Reflected XSS.\n\nA user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG.\n\nThis issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T09:31:17.529Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55574-centreon-web-high-severity-4435"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/centreon/centreon/releases"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-4647",
"datePublished": "2025-05-13T09:31:17.529Z",
"dateReserved": "2025-05-13T09:25:32.395Z",
"dateUpdated": "2025-05-13T13:08:24.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4646 (GCVE-0-2025-4646)
Vulnerability from nvd – Published: 2025-05-13 09:17 – Updated: 2025-10-08 10:00
VLAI?
Title
A high privilege user is able to create and use a valid admin API token in centreon-web
Summary
Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.
Severity ?
7.2 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Date Public ?
2025-03-10 10:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:08:49.597644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:09:27.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "web",
"vendor": "Centreon",
"versions": [
{
"lessThan": "24.04.10",
"status": "affected",
"version": "24.04.0",
"versionType": "semver"
},
{
"lessThan": "24.10.4",
"status": "affected",
"version": "24.10.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Floerer from YesWeHack"
}
],
"datePublic": "2025-03-10T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.\u003cp\u003eThis issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.\u003c/p\u003e"
}
],
"value": "Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T10:00:43.607Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55572-centreon-web-high-severity-4460"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/centreon/centreon/releases"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A high privilege user is able to create and use a valid admin API token in centreon-web",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-4646",
"datePublished": "2025-05-13T09:17:35.146Z",
"dateReserved": "2025-05-13T08:17:11.709Z",
"dateUpdated": "2025-10-08T10:00:43.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-2750 (GCVE-0-2026-2750)
Vulnerability from cvelistv5 – Published: 2026-02-27 14:58 – Updated: 2026-03-06 15:32
VLAI?
Title
Command Injection via CLAPI generatetraps
Summary
Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10; 24.10;24.04.
Severity ?
9.1 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Centreon | Centreon Open Tickets on Central Server |
Affected:
all , < 25.10; 24.10;24.04
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2750",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-27T17:30:13.395874Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T15:32:35.310Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://downlad.centreon.com",
"defaultStatus": "unaffected",
"modules": [
"Centreon Open Tickets"
],
"platforms": [
"Linux"
],
"product": "Centreon Open Tickets on Central Server",
"vendor": "Centreon",
"versions": [
{
"lessThan": "25.10; 24.10;24.04",
"status": "affected",
"version": "all",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Texugo from Haka\u00ef Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules).\u003cp\u003eThis issue affects Centreon Open Tickets on Central Server: from all before 25.10; 24.10;24.04.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10; 24.10;24.04."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T14:58:29.021Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2750-centreon-web-critical-severity-5503"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection via CLAPI generatetraps",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2026-2750",
"datePublished": "2026-02-27T14:58:29.021Z",
"dateReserved": "2026-02-19T14:25:18.453Z",
"dateUpdated": "2026-03-06T15:32:35.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6791 (GCVE-0-2025-6791)
Vulnerability from cvelistv5 – Published: 2025-08-22 18:56 – Updated: 2025-09-16 19:27
VLAI?
Title
Second order SQL injection available to user with low privilege
Summary
In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon web (Monitoring event logs modules) allows SQL Injection.This issue affects web: 24.10.0, 24.04.0, 23.10.0.
Severity ?
8.8 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6791",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-22T20:11:47.445230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T20:12:00.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Monitoring event logs"
],
"product": "web",
"vendor": "Centreon",
"versions": [
{
"lessThan": "24.10.9",
"status": "affected",
"version": "24.10.0",
"versionType": "custom"
},
{
"lessThan": "24.04.16",
"status": "affected",
"version": "24.04.0",
"versionType": "custom"
},
{
"lessThan": "23.10.26",
"status": "affected",
"version": "23.10.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SpawnZii by YesWeHack"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Centreon web (Monitoring event logs modules) allows SQL Injection.\u003cp\u003eThis issue affects web: 24.10.0, 24.04.0, 23.10.0.\u003c/p\u003e"
}
],
"value": "In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Centreon web (Monitoring event logs modules) allows SQL Injection.This issue affects web: 24.10.0, 24.04.0, 23.10.0."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T19:27:33.378Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://github.com/centreon/centreon/releases"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-6791-centreon-web-all-versions-high-severity-4900"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Second order SQL injection available to user with low privilege",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-6791",
"datePublished": "2025-08-22T18:56:28.027Z",
"dateReserved": "2025-06-27T14:34:22.260Z",
"dateUpdated": "2025-09-16T19:27:33.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4650 (GCVE-0-2025-4650)
Vulnerability from cvelistv5 – Published: 2025-08-22 18:50 – Updated: 2025-08-22 19:01
VLAI?
Title
User with high privileges is able to introduce a SQLi using the Meta Service indicator page
Summary
User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.
Severity ?
7.2 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4650",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-22T19:01:00.491601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T19:01:11.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Meta service indicator page"
],
"product": "web",
"vendor": "Centreon",
"versions": [
{
"lessThan": "24.10.9",
"status": "affected",
"version": "24.10.0",
"versionType": "semver"
},
{
"lessThan": "24.04.16",
"status": "affected",
"version": "24.04.0",
"versionType": "semver"
},
{
"lessThan": "23.10.26",
"status": "affected",
"version": "23.10.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SpawnZii for YesWeHack"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.\u003cp\u003eThis issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.\u003c/p\u003e"
}
],
"value": "User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T18:56:49.007Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://github.com/centreon/centreon/releases"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-4650-centreon-web-all-versions-high-severity-4901"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "User with high privileges is able to introduce a SQLi using the Meta Service indicator page",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-4650",
"datePublished": "2025-08-22T18:50:42.034Z",
"dateReserved": "2025-05-13T11:40:55.019Z",
"dateUpdated": "2025-08-22T19:01:11.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4649 (GCVE-0-2025-4649)
Vulnerability from cvelistv5 – Published: 2025-05-13 11:40 – Updated: 2025-10-15 13:05
VLAI?
Title
ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs.
Summary
Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation.
ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs.
This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.
Severity ?
4.9 (Medium)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Date Public ?
2025-02-10 10:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4649",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:04:27.568609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:04:49.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "web",
"vendor": "Centreon",
"versions": [
{
"lessThan": "24.10.4",
"status": "affected",
"version": "24.10.3",
"versionType": "semver"
},
{
"lessThan": "24.04.10",
"status": "affected",
"version": "24.04.09",
"versionType": "semver"
},
{
"lessThan": "23.10.21",
"status": "affected",
"version": "23.10.19",
"versionType": "semver"
},
{
"lessThan": "23.04.26",
"status": "affected",
"version": "23.04.24",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Benoit Poulet"
}
],
"datePublic": "2025-02-10T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation.\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eACL are not correctly taken into account in the display of the \"event logs\" page. This page requiring, high privileges, will display all available logs.\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.\u003c/p\u003e"
}
],
"value": "Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation.\n\n\n\nACL are not correctly taken into account in the display of the \"event logs\" page. This page requiring, high privileges, will display all available logs.\nThis issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T13:05:23.113Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/centreon-web-medium-severity-4349"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/centreon/centreon/releases"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ACL are not correctly taken into account in the display of the \"event logs\" page. This page requiring, high privileges, will display all available logs.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-4649",
"datePublished": "2025-05-13T11:40:23.198Z",
"dateReserved": "2025-05-13T09:47:58.210Z",
"dateUpdated": "2025-10-15T13:05:23.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4648 (GCVE-0-2025-4648)
Vulnerability from cvelistv5 – Published: 2025-05-13 09:45 – Updated: 2025-10-08 10:07
VLAI?
Title
A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request.
Summary
The content of a SVG file, received as input
in Centreon web, was not properly checked. Allows Reflected XSS.
A user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request.
This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.
Severity ?
8.4 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
Date Public ?
2025-03-12 10:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4648",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:08:07.876396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:08:24.187Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "web",
"vendor": "Centreon",
"versions": [
{
"lessThan": "24.10.5",
"status": "affected",
"version": "24.10.0",
"versionType": "semver"
},
{
"lessThan": "24.04.11",
"status": "affected",
"version": "24.04.0",
"versionType": "semver"
},
{
"lessThan": "23.10.22",
"status": "affected",
"version": "23.10.0",
"versionType": "semver"
},
{
"lessThan": "23.04.27",
"status": "affected",
"version": "23.04.0",
"versionType": "semver"
},
{
"lessThan": "22.10.29",
"status": "affected",
"version": "22.10.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SpawnZii working with YesWeHack"
}
],
"datePublic": "2025-03-12T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The content of a SVG file, received as input \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ein Centreon web\u003c/span\u003e, was not properly checked. Allows Reflected XSS.\u003cbr\u003eA user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request.\u003cbr\u003e\u003cp\u003eThis issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.\u003c/p\u003e"
}
],
"value": "The content of a SVG file, received as input \n\nin Centreon web, was not properly checked. Allows Reflected XSS.\nA user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request.\nThis issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T10:07:58.081Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55575-centreon-web-high-severity-4434"
},
{
"url": "https://github.com/centreon/centreon/releases"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-4648",
"datePublished": "2025-05-13T09:45:41.519Z",
"dateReserved": "2025-05-13T09:32:38.704Z",
"dateUpdated": "2025-10-08T10:07:58.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4647 (GCVE-0-2025-4647)
Vulnerability from cvelistv5 – Published: 2025-05-13 09:31 – Updated: 2025-05-13 13:08
VLAI?
Title
A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS.
A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG.
This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.
Severity ?
8.4 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Date Public ?
2025-03-12 10:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4647",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:08:16.035524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:08:24.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "web",
"vendor": "Centreon",
"versions": [
{
"lessThan": "24.10.5",
"status": "affected",
"version": "24.10.0",
"versionType": "semver"
},
{
"lessThan": "24.04.11",
"status": "affected",
"version": "24.04.0",
"versionType": "semver"
},
{
"lessThan": "23.10.22",
"status": "affected",
"version": "23.10.0",
"versionType": "semver"
},
{
"lessThan": "23.04.27",
"status": "affected",
"version": "23.04.0",
"versionType": "semver"
},
{
"lessThan": "22.10.29",
"status": "affected",
"version": "22.10.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SpawnZii working with YesWeHack"
}
],
"datePublic": "2025-03-12T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Centreon web allows Reflected XSS.\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Centreon web allows Reflected XSS.\n\nA user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG.\n\nThis issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T09:31:17.529Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55574-centreon-web-high-severity-4435"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/centreon/centreon/releases"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-4647",
"datePublished": "2025-05-13T09:31:17.529Z",
"dateReserved": "2025-05-13T09:25:32.395Z",
"dateUpdated": "2025-05-13T13:08:24.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4646 (GCVE-0-2025-4646)
Vulnerability from cvelistv5 – Published: 2025-05-13 09:17 – Updated: 2025-10-08 10:00
VLAI?
Title
A high privilege user is able to create and use a valid admin API token in centreon-web
Summary
Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.
Severity ?
7.2 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Date Public ?
2025-03-10 10:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:08:49.597644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:09:27.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "web",
"vendor": "Centreon",
"versions": [
{
"lessThan": "24.04.10",
"status": "affected",
"version": "24.04.0",
"versionType": "semver"
},
{
"lessThan": "24.10.4",
"status": "affected",
"version": "24.10.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Floerer from YesWeHack"
}
],
"datePublic": "2025-03-10T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.\u003cp\u003eThis issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.\u003c/p\u003e"
}
],
"value": "Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T10:00:43.607Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55572-centreon-web-high-severity-4460"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/centreon/centreon/releases"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A high privilege user is able to create and use a valid admin API token in centreon-web",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-4646",
"datePublished": "2025-05-13T09:17:35.146Z",
"dateReserved": "2025-05-13T08:17:11.709Z",
"dateUpdated": "2025-10-08T10:00:43.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2026-AVI-0221
Vulnerability from certfr_avis - Published: 2026-02-27 - Updated: 2026-02-27
De multiples vulnérabilités ont été découvertes dans les produits Centreon. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | Web versions antérieures à 24.04.25 | ||
| Centreon | open tickets | Open Tickets versions antérieures à 24.04.7 | ||
| Centreon | open tickets | Open Tickets versions 24.10.x antérieures à 24.10.8 | ||
| Centreon | Web | Web versions 24.10.x antérieures à 24.10.21 | ||
| Centreon | Web | Web versions 25.x antérieures à 25.10.9 | ||
| Centreon | open tickets | Open Tickets versions 25.x antérieures à 25.10.3 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Web versions ant\u00e9rieures \u00e0 24.04.25",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Open Tickets versions ant\u00e9rieures \u00e0 24.04.7",
"product": {
"name": "open tickets",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Open Tickets versions 24.10.x ant\u00e9rieures \u00e0 24.10.8",
"product": {
"name": "open tickets",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 24.10.x ant\u00e9rieures \u00e0 24.10.21",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 25.x ant\u00e9rieures \u00e0 25.10.9",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Open Tickets versions 25.x ant\u00e9rieures \u00e0 25.10.3",
"product": {
"name": "open tickets",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-13050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13050"
},
{
"name": "CVE-2026-2751",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2751"
},
{
"name": "CVE-2025-12523",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12523"
},
{
"name": "CVE-2026-2749",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2749"
},
{
"name": "CVE-2026-2750",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2750"
}
],
"initial_release_date": "2026-02-27T00:00:00",
"last_revision_date": "2026-02-27T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0221",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Centreon. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Centreon",
"vendor_advisories": [
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon february-2026-monthly-security-bulletin-for-centreon-infra-monitoring-critical-5502",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/february-2026-monthly-security-bulletin-for-centreon-infra-monitoring-critical-5502"
}
]
}
CERTFR-2026-AVI-0212
Vulnerability from certfr_avis - Published: 2026-02-26 - Updated: 2026-02-26
De multiples vulnérabilités ont été découvertes dans les produits Centreon. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | open tickets | Centreon Open Tickets versions 25.x antérieures à Tickets 25.10.3 | ||
| Centreon | open tickets | Centreon Open Tickets versions 24.10.x antérieures à Tickets 24.10.8 | ||
| Centreon | Web | Centreon Web versions 25.x antérieures à 25.10.9 | ||
| Centreon | open tickets | Centreon Open Tickets versions antérieures à 24.04.7 | ||
| Centreon | Web | Centreon Web versions 24.10.x antérieures à 24.10.21 | ||
| Centreon | Web | Centreon Web versions antérieures à 24.04.25 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Centreon Open Tickets versions 25.x ant\u00e9rieures \u00e0 Tickets 25.10.3",
"product": {
"name": "open tickets",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Open Tickets versions 24.10.x ant\u00e9rieures \u00e0 Tickets 24.10.8",
"product": {
"name": "open tickets",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 25.x ant\u00e9rieures \u00e0 25.10.9",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Open Tickets versions ant\u00e9rieures \u00e0 24.04.7",
"product": {
"name": "open tickets",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 24.10.x ant\u00e9rieures \u00e0 24.10.21",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions ant\u00e9rieures \u00e0 24.04.25",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-13050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13050"
},
{
"name": "CVE-2026-2751",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2751"
},
{
"name": "CVE-2025-12523",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12523"
},
{
"name": "CVE-2026-2749",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2749"
},
{
"name": "CVE-2026-2750",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2750"
}
],
"initial_release_date": "2026-02-26T00:00:00",
"last_revision_date": "2026-02-26T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0212",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Centreon. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Centreon",
"vendor_advisories": [
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2026-2751-centreon-web-high-severity-5504",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2751-centreon-web-high-severity-5504"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2026-2750-centreon-web-critical-severity-5503",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2750-centreon-web-critical-severity-5503"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-12523-centreon-web-medium-severity-5505",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12523-centreon-web-medium-severity-5505"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon february-release-monthly-security-bulletin-for-centreon-infra-monitoring-critical-5502",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/february-release-monthly-security-bulletin-for-centreon-infra-monitoring-critical-5502"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-13050-centreon-web-medium-severity-5506",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-13050-centreon-web-medium-severity-5506"
}
]
}
CERTFR-2026-AVI-0015
Vulnerability from certfr_avis - Published: 2026-01-08 - Updated: 2026-01-08
De multiples vulnérabilités ont été découvertes dans les produits Centreon. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection SQL (SQLi).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | DSM | DSM versions 23.10.x antérieures à 23.10.5 | ||
| Centreon | DSM | DSM versions 25.10.x antérieures à 25.10.1 | ||
| Centreon | DSM | DSM versions 24.10.x antérieures à 24.10.4 | ||
| Centreon | Web | Web versions 25.10.x antérieures à 25.10.2 | ||
| Centreon | AWIE | AWIE versions 24.10.x antérieures à 24.10.3 | ||
| Centreon | Web | Web versions 24.10.x antérieures à 24.10.15 | ||
| Centreon | AWIE | AWIE versions 24.04.x antérieures à 24.04.3 | ||
| Centreon | Web | Web versions 23.10.x antérieures à 23.10.29 | ||
| Centreon | DSM | DSM versions 24.04.x antérieures à 24.04.8 | ||
| Centreon | AWIE | AWIE versions 25.10.x antérieures à 25.10.2 | ||
| Centreon | Web | Web versions 24.04.x antérieures à 24.04.19 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "DSM versions 23.10.x ant\u00e9rieures \u00e0 23.10.5",
"product": {
"name": "DSM",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "DSM versions 25.10.x ant\u00e9rieures \u00e0 25.10.1",
"product": {
"name": "DSM",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "DSM versions 24.10.x ant\u00e9rieures \u00e0 24.10.4",
"product": {
"name": "DSM",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 25.10.x ant\u00e9rieures \u00e0 25.10.2",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "AWIE versions 24.10.x ant\u00e9rieures \u00e0 24.10.3",
"product": {
"name": "AWIE",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 24.10.x ant\u00e9rieures \u00e0 24.10.15",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "AWIE versions 24.04.x ant\u00e9rieures \u00e0 24.04.3",
"product": {
"name": "AWIE",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 23.10.x ant\u00e9rieures \u00e0 23.10.29",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "DSM versions 24.04.x ant\u00e9rieures \u00e0 24.04.8",
"product": {
"name": "DSM",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "AWIE versions 25.10.x ant\u00e9rieures \u00e0 25.10.2",
"product": {
"name": "AWIE",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 24.04.x ant\u00e9rieures \u00e0 24.04.19",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-15026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15026"
},
{
"name": "CVE-2025-12513",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12513"
},
{
"name": "CVE-2025-13056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13056"
},
{
"name": "CVE-2025-5965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5965"
},
{
"name": "CVE-2025-12519",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12519"
},
{
"name": "CVE-2025-15029",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15029"
},
{
"name": "CVE-2025-12511",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12511"
}
],
"initial_release_date": "2026-01-08T00:00:00",
"last_revision_date": "2026-01-08T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0015",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Centreon. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection SQL (SQLi).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Centreon",
"vendor_advisories": [
{
"published_at": "2026-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-15026-centreon-awie-critical-severity-5357",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-15026-centreon-awie-critical-severity-5357"
},
{
"published_at": "2026-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-5965-centreon-web-high-severity-5362",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-5965-centreon-web-high-severity-5362"
},
{
"published_at": "2026-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-12513-centreon-web-medium-severity-5360",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12513-centreon-web-medium-severity-5360"
},
{
"published_at": "2026-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-15029-centreon-awie-critical-severity-5356",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-15029-centreon-awie-critical-severity-5356"
},
{
"published_at": "2026-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-12519-centreon-web-medium-severity-5359",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12519-centreon-web-medium-severity-5359"
},
{
"published_at": "2026-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-13056-centreon-web-medium-severity-5358",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-13056-centreon-web-medium-severity-5358"
},
{
"published_at": "2026-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-12511-centreon-dsm-medium-severity-5361",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12511-centreon-dsm-medium-severity-5361"
}
]
}
CERTFR-2025-AVI-1127
Vulnerability from certfr_avis - Published: 2025-12-19 - Updated: 2025-12-19
De multiples vulnérabilités ont été découvertes dans Centreon Web. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Centreon web versions 25.10.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-43864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43864"
},
{
"name": "CVE-2025-43865",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43865"
}
],
"initial_release_date": "2025-12-19T00:00:00",
"last_revision_date": "2025-12-19T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1127",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Centreon Web. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Centreon Web",
"vendor_advisories": [
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon centreon-web-high-severity-5307",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/centreon-web-high-severity-5307"
}
]
}
CERTFR-2025-AVI-0943
Vulnerability from certfr_avis - Published: 2025-10-31 - Updated: 2025-10-31
De multiples vulnérabilités ont été découvertes dans les produits Centreon. Elles permettent à un attaquant de provoquer une élévation de privilèges et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | Web versions 24.04.x antérieures à 24.04.16 | ||
| Centreon | MBI | MBI versions 24.04.x antérieures à 24.04.9 | ||
| Centreon | MBI | MBI versions 23.10.x antérieures à 23.10.15 | ||
| Centreon | Web | Web versions 24.10.x antérieures à 24.10.9 | ||
| Centreon | MBI | MBI versions 24.10.x antérieures à 24.10.6 | ||
| Centreon | Web | Web versions 23.10.x antérieures à 23.10.26 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Web versions 24.04.x ant\u00e9rieures \u00e0 24.04.16",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "MBI versions 24.04.x ant\u00e9rieures \u00e0 24.04.9",
"product": {
"name": "MBI",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "MBI versions 23.10.x ant\u00e9rieures \u00e0 23.10.15",
"product": {
"name": "MBI",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 24.10.x ant\u00e9rieures \u00e0 24.10.9",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "MBI versions 24.10.x ant\u00e9rieures \u00e0 24.10.6",
"product": {
"name": "MBI",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 23.10.x ant\u00e9rieures \u00e0 23.10.26",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-8432",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8432"
},
{
"name": "CVE-2025-10023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10023"
}
],
"initial_release_date": "2025-10-31T00:00:00",
"last_revision_date": "2025-10-31T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0943",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-31T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Centreon. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Centreon",
"vendor_advisories": [
{
"published_at": "2025-10-30",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-10023-centreon-web-all-versions-medium-severity-5179",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-10023-centreon-web-all-versions-medium-severity-5179"
},
{
"published_at": "2025-10-30",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-8432-centreon-mbi-high-severity-5180",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8432-centreon-mbi-high-severity-5180"
}
]
}
CERTFR-2025-AVI-0914
Vulnerability from certfr_avis - Published: 2025-10-23 - Updated: 2025-10-23
De multiples vulnérabilités ont été découvertes dans les produits Centreon. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Web versions 24.10.x ant\u00e9rieures \u00e0 24.10.13",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 24.04.x ant\u00e9rieures \u00e0 24.04.18",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 23.10.x ant\u00e9rieures \u00e0 23.10.28",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-54893",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54893"
},
{
"name": "CVE-2025-54892",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54892"
},
{
"name": "CVE-2025-5946",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5946"
},
{
"name": "CVE-2016-10744",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10744"
},
{
"name": "CVE-2025-54889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54889"
},
{
"name": "CVE-2025-8430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8430"
},
{
"name": "CVE-2025-8429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8429"
},
{
"name": "CVE-2025-8459",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8459"
},
{
"name": "CVE-2025-8428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8428"
},
{
"name": "CVE-2025-54891",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54891"
}
],
"initial_release_date": "2025-10-23T00:00:00",
"last_revision_date": "2025-10-23T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0914",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Centreon. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Centreon",
"vendor_advisories": [
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-8430-centreon-web-all-versions-medium-severity-5118",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8430-centreon-web-all-versions-medium-severity-5118"
},
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-54893-centreon-web-all-versions-medium-severity-5120",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-54893-centreon-web-all-versions-medium-severity-5120"
},
{
"published_at": "2025-10-13",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2016-10744-centreon-web-all-versions-medium-severity-5106",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2016-10744-centreon-web-all-versions-medium-severity-5106"
},
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-8429-centreon-web-all-versions-medium-severity-5119",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8429-centreon-web-all-versions-medium-severity-5119"
},
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-8459-centreon-web-all-versions-high-severity-5117",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8459-centreon-web-all-versions-high-severity-5117"
},
{
"published_at": "2025-10-13",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-8428-centreon-web-all-versions-medium-severity-5103",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8428-centreon-web-all-versions-medium-severity-5103"
},
{
"published_at": "2025-10-13",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-5946-centreon-web-all-versions-high-severity-5104",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-5946-centreon-web-all-versions-high-severity-5104"
},
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-54889-centreon-web-all-versions-medium-severity-5123",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-54889-centreon-web-all-versions-medium-severity-5123"
},
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-54891-centreon-web-all-versions-medium-severity-5122",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-54891-centreon-web-all-versions-medium-severity-5122"
},
{
"published_at": "2025-10-13",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon centreon-web-all-versions-medium-severity-5105",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/centreon-web-all-versions-medium-severity-5105"
},
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-54892-centreon-web-all-versions-medium-severity-5121",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-54892-centreon-web-all-versions-medium-severity-5121"
}
]
}
CERTFR-2025-AVI-0900
Vulnerability from certfr_avis - Published: 2025-10-22 - Updated: 2025-10-22
De multiples vulnérabilités ont été découvertes dans Centreon Web. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Web versions 24.10.x ant\u00e9rieures \u00e0 24.10.13",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 24.04.x ant\u00e9rieures \u00e0 24.04.18",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 23.10.x ant\u00e9rieures \u00e0 23.10.28",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-54889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54889"
},
{
"name": "CVE-2025-54891",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54891"
}
],
"initial_release_date": "2025-10-22T00:00:00",
"last_revision_date": "2025-10-22T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0900",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Centreon Web. Elles permettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Centreon Web",
"vendor_advisories": [
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-54891-centreon-web-all-versions-medium-severity-5122",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-54891-centreon-web-all-versions-medium-severity-5122"
},
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-54889-centreon-web-all-versions-medium-severity-5123",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-54889-centreon-web-all-versions-medium-severity-5123"
}
]
}
CERTFR-2025-AVI-0728
Vulnerability from certfr_avis - Published: 2025-08-25 - Updated: 2025-08-25
Une vulnérabilité a été découverte dans Centreon Web. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Web versions 24.04.x ant\u00e9rieures \u00e0 24.04.17",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 24.10.x ant\u00e9rieures \u00e0 24.10.11",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions ant\u00e9rieures \u00e0 23.10.27",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2025-08-25T00:00:00",
"last_revision_date": "2025-08-25T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0728",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Centreon Web. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans Centreon Web",
"vendor_advisories": [
{
"published_at": "2025-08-25",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon centreon-web-all-versions-high-severity-4935",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/centreon-web-all-versions-high-severity-4935"
}
]
}
CERTFR-2025-AVI-0662
Vulnerability from certfr_avis - Published: 2025-08-07 - Updated: 2025-08-07
De multiples vulnérabilités ont été découvertes dans les produits Centreon. Certaines d'entre elles permettent à un attaquant de provoquer une injection SQL (SQLi), un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | License Manager | License Manager versions antérieures 24.10.x à 24.10.3 | ||
| Centreon | License Manager | License Manager versions antérieures à 23.10.6 | ||
| Centreon | Web | Centreon versions antérieures à 23.10.26 | ||
| Centreon | Web | Centreon versions antérieures 24.04.x à 24.04.16 | ||
| Centreon | License Manager | License Manager versions antérieures 24.04.x à 24.04.5 | ||
| Centreon | Web | Centreon versions antérieures 24.10.x à 24.10.9 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "License Manager versions ant\u00e9rieures 24.10.x \u00e0 24.10.3",
"product": {
"name": "License Manager",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "License Manager versions ant\u00e9rieures \u00e0 23.10.6",
"product": {
"name": "License Manager",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon versions ant\u00e9rieures \u00e0 23.10.26",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon versions ant\u00e9rieures 24.04.x \u00e0 24.04.16",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "License Manager versions ant\u00e9rieures 24.04.x \u00e0 24.04.5",
"product": {
"name": "License Manager",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon versions ant\u00e9rieures 24.10.x \u00e0 24.10.9",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-4650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4650"
},
{
"name": "CVE-2025-6791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6791"
}
],
"initial_release_date": "2025-08-07T00:00:00",
"last_revision_date": "2025-08-07T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0662",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Centreon. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une injection SQL (SQLi), un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Centreon",
"vendor_advisories": [
{
"published_at": "2025-08-07",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-6791-centreon-web-all-versions-high-severity-4900",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-6791-centreon-web-all-versions-high-severity-4900"
},
{
"published_at": "2025-08-07",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-4650-centreon-web-all-versions-high-severity-4901",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-4650-centreon-web-all-versions-high-severity-4901"
},
{
"published_at": "2025-08-07",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon centreon-web-all-versions-high-severity-4899",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/centreon-web-all-versions-high-severity-4899"
},
{
"published_at": "2025-08-07",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon centreon-license-manager-all-versions-high-severity-4904",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/centreon-license-manager-all-versions-high-severity-4904"
}
]
}
CERTFR-2025-AVI-0493
Vulnerability from certfr_avis - Published: 2025-06-11 - Updated: 2025-06-11
De multiples vulnérabilités ont été découvertes dans les produits Centreon. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | MBI | MBI Server versions antérieures à 23.04.23 | ||
| Centreon | Map | Map versions antérieures à 23.04.23 | ||
| Centreon | Map | Map versions antérieures à 24.10.5 | ||
| Centreon | MBI | MBI Engine versions antérieures à 24.10.22 | ||
| Centreon | MBI | MBI Server versions antérieures à 23.10.22 | ||
| Centreon | Web | Web versions antérieures à 23.04.27 | ||
| Centreon | Web | Web versions antérieures à 23.10.22 | ||
| Centreon | Map | Map versions antérieures à 23.10.19 | ||
| Centreon | Map | Map versions antérieures à 24.04.11 | ||
| Centreon | MBI | MBI Engine versions antérieures à 23.04.23 | ||
| Centreon | open tickets | open tickets versions antérieures à 23.10.3 | ||
| Centreon | open tickets | open tickets versions antérieures à 23.04.6 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MBI Server versions ant\u00e9rieures \u00e0 23.04.23",
"product": {
"name": "MBI",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Map versions ant\u00e9rieures \u00e0 23.04.23",
"product": {
"name": "Map",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Map versions ant\u00e9rieures \u00e0 24.10.5",
"product": {
"name": "Map",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "MBI Engine versions ant\u00e9rieures \u00e0 24.10.22",
"product": {
"name": "MBI",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "MBI Server versions ant\u00e9rieures \u00e0 23.10.22",
"product": {
"name": "MBI",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions ant\u00e9rieures \u00e0 23.04.27",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions ant\u00e9rieures \u00e0 23.10.22",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Map versions ant\u00e9rieures \u00e0 23.10.19",
"product": {
"name": "Map",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Map versions ant\u00e9rieures \u00e0 24.04.11",
"product": {
"name": "Map",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "MBI Engine versions ant\u00e9rieures \u00e0 23.04.23",
"product": {
"name": "MBI",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "open tickets versions ant\u00e9rieures \u00e0 23.10.3",
"product": {
"name": "open tickets",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "open tickets versions ant\u00e9rieures \u00e0 23.04.6",
"product": {
"name": "open tickets",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2024-55573",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55573"
},
{
"name": "CVE-2023-28447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28447"
}
],
"initial_release_date": "2025-06-11T00:00:00",
"last_revision_date": "2025-06-11T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0493",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Centreon. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Centreon",
"vendor_advisories": [
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2023-28447-centreon-high-severity-4430",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2023-28447-centreon-high-severity-4430"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2022-46337-centreon-mbi-critical-severity-4744",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2022-46337-centreon-mbi-critical-severity-4744"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon centreon-map-critical-severity-4650",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/centreon-map-critical-severity-4650"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2022-46337-centreon-mbi-critical-severity-4649",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2022-46337-centreon-mbi-critical-severity-4649"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon updated-cve-2023-28447-centreon-high-severity-4652",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/updated-cve-2023-28447-centreon-high-severity-4652"
}
]
}
CERTFR-2024-AVI-1011
Vulnerability from certfr_avis - Published: 2024-11-22 - Updated: 2024-11-22
Une vulnérabilité a été découverte dans Centreon Web. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | Web versions 24.10.x antérieures à 24.10.0 | ||
| Centreon | Web | Web versions 23.04.x antérieures à 23.04.23 | ||
| Centreon | Web | Web versions 23.10.x antérieures à 23.10.18 | ||
| Centreon | Web | Web versions 22.10.x antérieures à 22.10.26 | ||
| Centreon | Web | Web versions 24.04.x antérieures à 24.04.8 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Web versions 24.10.x ant\u00e9rieures \u00e0 24.10.0",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 23.04.x ant\u00e9rieures \u00e0 23.04.23",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 23.10.x ant\u00e9rieures \u00e0 23.10.18",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 22.10.x ant\u00e9rieures \u00e0 22.10.26",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 24.04.x ant\u00e9rieures \u00e0 24.04.8",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-47863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47863"
}
],
"initial_release_date": "2024-11-22T00:00:00",
"last_revision_date": "2024-11-22T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1011",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Centreon Web. Elle permet \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).",
"title": "Vuln\u00e9rabilit\u00e9 dans Centreon Web",
"vendor_advisories": [
{
"published_at": "2024-11-22",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2024-47863-centreon-web-medium-severity-4059?postid=14456#post14456",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-47863-centreon-web-medium-severity-4059?postid=14456#post14456"
}
]
}
CERTFR-2024-AVI-0915
Vulnerability from certfr_avis - Published: 2024-10-23 - Updated: 2024-10-23
De multiples vulnérabilités ont été découvertes dans les produits Centreon. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | Centreon Web versions 22.x antérieures à 22.10.24 | ||
| Centreon | BI Server | Centreon BI Server versions 23.10.x antérieures à 23.10.8 | ||
| Centreon | BI Server | Centreon BI Server versions 24.x antérieures à 24.04.3 | ||
| Centreon | BI Server | Centreon BI Server versions 22.x antérieures à 22.10.11 | ||
| Centreon | Web | Centreon Web versions 23.04.x antérieures à 23.04.22 | ||
| Centreon | Web | Centreon Web versions 24.x antérieures à 24.04.7 | ||
| Centreon | Web | Centreon Web versions 23.10.x antérieures à 23.10.17 | ||
| Centreon | BI Server | Centreon BI Server versions 23.04.x antérieures à 23.04.11 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Centreon Web versions 22.x ant\u00e9rieures \u00e0 22.10.24",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon BI Server versions 23.10.x ant\u00e9rieures \u00e0 23.10.8",
"product": {
"name": "BI Server",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon BI Server versions 24.x ant\u00e9rieures \u00e0 24.04.3",
"product": {
"name": "BI Server",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon BI Server versions 22.x ant\u00e9rieures \u00e0 22.10.11",
"product": {
"name": "BI Server",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 23.04.x ant\u00e9rieures \u00e0 23.04.22",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 24.x ant\u00e9rieures \u00e0 24.04.7",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 23.10.x ant\u00e9rieures \u00e0 23.10.17",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon BI Server versions 23.04.x ant\u00e9rieures \u00e0 23.04.11",
"product": {
"name": "BI Server",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-45754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45754"
},
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
}
],
"initial_release_date": "2024-10-23T00:00:00",
"last_revision_date": "2024-10-23T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0915",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Centreon. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Centreon",
"vendor_advisories": [
{
"published_at": "2024-10-10",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon 13706",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-45754-centreon-mbi-high-severity-3888?postid=13706#post13706"
},
{
"published_at": "2024-10-01",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon 13625",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3855?postid=13625#post13625"
}
]
}
CERTFR-2024-AVI-0743
Vulnerability from certfr_avis - Published: 2024-09-05 - Updated: 2024-09-05
De multiples vulnérabilités ont été découvertes dans Centreon web. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Centreon Web versions 24.04.x ant\u00e9rieures \u00e0 24.04.3",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 23.04.x ant\u00e9rieures \u00e0 23.04.19",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 22.10.x ant\u00e9rieures \u00e0 22.10.23",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 23.10.x ant\u00e9rieures \u00e0 23.10.13",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-32501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32501"
},
{
"name": "CVE-2024-33852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33852"
},
{
"name": "CVE-2024-33853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33853"
},
{
"name": "CVE-2024-33854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33854"
},
{
"name": "CVE-2024-5725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5725"
},
{
"name": "CVE-2024-39841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39841"
}
],
"initial_release_date": "2024-09-05T00:00:00",
"last_revision_date": "2024-09-05T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0743",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Centreon web. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Centreon Web",
"vendor_advisories": [
{
"published_at": "2024-08-22",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon web 3744",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744"
}
]
}
CERTFR-2024-AVI-0009
Vulnerability from certfr_avis - Published: 2024-01-05 - Updated: 2024-01-05
De multiples vulnérabilités ont été découvertes dans Centreon Web. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Centreon Web versions 22.10.x ant\u00e9rieures \u00e0 22.10.17",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 23.04.x ant\u00e9rieures \u00e0 23.04.13",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 23.10.x ant\u00e9rieures \u00e0 23.10.5",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions ant\u00e9rieures \u00e0 22.04.19",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2024-01-05T00:00:00",
"last_revision_date": "2024-01-05T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0009",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Centreon Web. Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Centreon Web",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Centreon du 04 janvier 2024",
"url": "https://support.centreon.com/hc/en-us/articles/21413079841809-Security-bulletin-for-Centreon-Web"
}
]
}
CERTFR-2019-AVI-014
Vulnerability from certfr_avis - Published: 2019-01-10 - Updated: 2019-01-10
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | SRC Series Application Server et Web Administrator versions antérieures à 4.12.0-R1 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1 sur vMX Series | ||
| Juniper Networks | Junos OS | Junos OS versions 14.1X53, 15.1, 15.1X53, 16.1, 17.1, 17.2, 17.3, 17.4, 18.1 sur EX2300/EX3400, EX2300/EX3400 series, EX4600, QFX3K series, QFX5200/QFX5110 series et QFX5k series | ||
| Juniper Networks | Junos OS | Junos OS versions 14.1X53, 15.1, 15.1X53 sur EX Virtual Chassis Platforms, MX Virtual Chassis Platforms et QFX Virtual Chassis Platforms | ||
| Juniper Networks | Junos OS | Junos OS versions 12.1X46, 12.3, 12.3X48, 14.1X53, 15.1, 15.1F, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2 et 18.2X75 | ||
| N/A | N/A | Juniper ATP | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1X53, 18.1, 18.2 sur EX2300 et EX3400 series | ||
| Juniper Networks | Junos OS | Junos OS versions 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2 sur MX Series | ||
| Juniper Networks | Junos OS | Junos OS versions 12.3X48, 15.1X49, 17.3, 17.4, 18.1 et 18.2 sur SRX Series | ||
| Juniper Networks | Junos Space | Junos Space | ||
| Juniper Networks | Junos OS | Junos OS versions 12.1X46, 12.3X48, 15.1X49 sur SRX Series | ||
| Juniper Networks | Junos OS | Tous produits et toutes plateformes exécutant Junos OS | ||
| Juniper Networks | Junos OS | Junos OS versions 17.2X75, 17.4, 18.1 et 18.2 sur QFX et PTX Series |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SRC Series Application Server et Web Administrator versions ant\u00e9rieures \u00e0 4.12.0-R1",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1 sur vMX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 14.1X53, 15.1, 15.1X53, 16.1, 17.1, 17.2, 17.3, 17.4, 18.1 sur EX2300/EX3400, EX2300/EX3400 series, EX4600, QFX3K series, QFX5200/QFX5110 series et QFX5k series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 14.1X53, 15.1, 15.1X53 sur EX Virtual Chassis Platforms, MX Virtual Chassis Platforms et QFX Virtual Chassis Platforms",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.1X46, 12.3, 12.3X48, 14.1X53, 15.1, 15.1F, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2 et 18.2X75",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper ATP",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1X53, 18.1, 18.2 sur EX2300 et EX3400 series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2 sur MX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.3X48, 15.1X49, 17.3, 17.4, 18.1 et 18.2 sur SRX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.1X46, 12.3X48, 15.1X49 sur SRX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Tous produits et toutes plateformes ex\u00e9cutant Junos OS",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 17.2X75, 17.4, 18.1 et 18.2 sur QFX et PTX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-0010",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0010"
},
{
"name": "CVE-2018-10901",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10901"
},
{
"name": "CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2018-5683",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
},
{
"name": "CVE-2019-0003",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0003"
},
{
"name": "CVE-2019-0007",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0007"
},
{
"name": "CVE-2018-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5391"
},
{
"name": "CVE-2017-13672",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
},
{
"name": "CVE-2017-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0861"
},
{
"name": "CVE-2018-7566",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7566"
},
{
"name": "CVE-2019-0027",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0027"
},
{
"name": "CVE-2019-0030",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0030"
},
{
"name": "CVE-2017-1000379",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000379"
},
{
"name": "CVE-2019-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0001"
},
{
"name": "CVE-2018-14634",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14634"
},
{
"name": "CVE-2019-0002",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0002"
},
{
"name": "CVE-2019-0013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0013"
},
{
"name": "CVE-2019-0023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0023"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2018-10675",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10675"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2017-3137",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3137"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2016-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3705"
},
{
"name": "CVE-2017-3142",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3142"
},
{
"name": "CVE-2018-10872",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10872"
},
{
"name": "CVE-2019-0015",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0015"
},
{
"name": "CVE-2019-0005",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0005"
},
{
"name": "CVE-2019-0009",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0009"
},
{
"name": "CVE-2018-7858",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
},
{
"name": "CVE-2019-0024",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0024"
},
{
"name": "CVE-2019-0025",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0025"
},
{
"name": "CVE-2017-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3143"
},
{
"name": "CVE-2018-3620",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3620"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2019-0011",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0011"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2017-15265",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15265"
},
{
"name": "CVE-2019-0012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0012"
},
{
"name": "CVE-2017-11610",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11610"
},
{
"name": "CVE-2018-5748",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5748"
},
{
"name": "CVE-2019-0004",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0004"
},
{
"name": "CVE-2019-0017",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0017"
},
{
"name": "CVE-2018-1126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
},
{
"name": "CVE-2018-3665",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3665"
},
{
"name": "CVE-2017-1000366",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000366"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2018-12020",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12020"
},
{
"name": "CVE-2018-5390",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5390"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2018-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12384"
},
{
"name": "CVE-2018-10897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
},
{
"name": "CVE-2019-0021",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0021"
},
{
"name": "CVE-2018-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
},
{
"name": "CVE-2019-0016",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0016"
},
{
"name": "CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"name": "CVE-2018-8897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8897"
},
{
"name": "CVE-2019-0022",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0022"
},
{
"name": "CVE-2017-1000364",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000364"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2018-1050",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1050"
},
{
"name": "CVE-2019-0014",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0014"
},
{
"name": "CVE-2018-3693",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3693"
},
{
"name": "CVE-2018-10911",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10911"
},
{
"name": "CVE-2019-0026",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0026"
},
{
"name": "CVE-2019-0029",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0029"
},
{
"name": "CVE-2019-0020",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0020"
},
{
"name": "CVE-2018-5740",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5740"
},
{
"name": "CVE-2017-2619",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2619"
},
{
"name": "CVE-2019-0018",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0018"
},
{
"name": "CVE-2018-1000004",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000004"
},
{
"name": "CVE-2019-0006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0006"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2017-3136",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3136"
},
{
"name": "CVE-2011-3389",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
},
{
"name": "CVE-2017-3145",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3145"
},
{
"name": "CVE-2018-1064",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1064"
},
{
"name": "CVE-2018-10301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10301"
}
],
"initial_release_date": "2019-01-10T00:00:00",
"last_revision_date": "2019-01-10T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-014",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10906 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10906\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10910 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10910\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10911 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10911\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10907 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10907\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10912 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10912\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10913 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10913\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10919 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10919\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10905 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10905\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10902 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10902\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10917 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10917\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10904 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10904\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10915 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10915\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10916 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10916\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10914 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10914\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10900 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10900\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10909 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10909\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10901 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10901\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10918 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10918\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10903 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10903\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2018-AVI-325
Vulnerability from certfr_avis - Published: 2018-07-06 - Updated: 2018-07-06
Une vulnérabilité a été découverte dans TenableCore Web Application Scanner. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Web Application Scanner versions ant\u00e9rieures \u00e0 v20180328",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-1111",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1111"
}
],
"initial_release_date": "2018-07-06T00:00:00",
"last_revision_date": "2018-07-06T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-325",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-07-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans TenableCore Web Application\nScanner. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans TenableCore Web Application Scanner",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2018-10 du 05 juillet 2018",
"url": "https://www.tenable.com/security/tns-2018-10"
}
]
}