
CVSS: 8.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect.

• http://www.openwall.com/lists/oss-security/2019/10/09/2
• https://github.com/centreon/centreon/pull/7099
• https://www.openwall.com/lists/oss-security/2019/10/08/1
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components.

• http://www.openwall.com/lists/oss-security/2019/10/09/2
• https://github.com/centreon/centreon/issues/7098
• https://www.openwall.com/lists/oss-security/2019/10/08/1
• CWE-312: Cleartext Storage of Sensitive Information

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set.

• http://www.openwall.com/lists/oss-security/2019/10/09/2
• https://github.com/centreon/centreon/issues/7097
• https://www.openwall.com/lists/oss-security/2019/10/08/1
• CWE-565: Reliance on Cookies without Validation and Integrity Checking

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files.

• http://www.openwall.com/lists/oss-security/2019/10/09/2
• https://github.com/centreon/centreon/issues/7082
• https://www.openwall.com/lists/oss-security/2019/10/08/1
• CWE-269: Improper Privilege Management

CVSS: 8.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.

• http://www.openwall.com/lists/oss-security/2019/10/09/2
• https://github.com/centreon/centreon/pull/7083
• https://github.com/centreon/centreon/pull/7271
• https://www.openwall.com/lists/oss-security/2019/10/08/1
• CWE-94: Improper Control of Generation of Code ('Code Injection')