Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
centreon web vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2019-19699
There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software up to and including 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed ...
Centreon Centreon
3 Github repositories
7.2
CVSSv3
CVE-2019-16405
Centreon Web prior to 2.8.30, 18.10.x prior to 18.10.8, 19.04.x prior to 19.04.5 and 19.10.x prior to 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may b...
Centreon Centreon Web
6.5
CVSSv3
CVE-2021-26804
Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote malicious users to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application.
Centreon Centreon Web 19.10.18
Centreon Centreon Web 20.04.8
Centreon Centreon Web 20.10.2
6.5
CVSSv3
CVE-2021-28055
An issue exists in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.
Centreon Centreon 20.10.0
6.5
CVSSv3
CVE-2019-17106
In Centreon Web up to and including 2.8.29, disclosure of external components' passwords allows authenticated malicious users to move laterally to external components.
Centreon Centreon Web
6.1
CVSSv3
CVE-2020-10946
Cross-site scripting (XSS) vulnerability allows remote malicious users to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring wi...
Centreon Centreon Host-monitoring Widget
Centreon Centreon Tactical-overview Widget
Centreon Centreon Service-monitoring Widget
6.1
CVSSv3
CVE-2020-13627
Cross-site scripting (XSS) vulnerability allows remote malicious users to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitorin...
Centreon Centreon Host-monitoring Widget
Centreon Centreon Tactical-overview Widget
Centreon Centreon Service-monitoring Widget
6.1
CVSSv3
CVE-2020-13628
Cross-site scripting (XSS) vulnerability allows remote malicious users to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring...
Centreon Centreon Host-monitoring Widget
Centreon Centreon Tactical-overview Widget
Centreon Centreon Service-monitoring Widget
6.1
CVSSv3
CVE-2019-17108
Local file inclusion in brokerPerformance.php in Centreon Web prior to 2.8.28 allows malicious users to disclose information or perform a stored XSS attack on a user.
Centreon Centreon Web
5.4
CVSSv3
CVE-2022-39988
A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows malicious users to execute arbitrary web script or HTML via a crafted payload injected into the Service>Templates service_alias parameter.
Centreon Centreon 22.04.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »