CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-17643
https://notcve.org/view.php?id=CVE-2019-17643
04 Mar 2020 — An issue was discovered in Centreon before 2.8-30,18.10-8, 19.04-5, and 19.10-2. It provides sensitive information via an unauthenticated direct request for include/monitoring/recurrentDowntime/GetXMLHost4Services.php. Se detectó un problema en Centreon versiones anteriores a 2.8-30,18.10-8, 19.04-5 y 19.10-2. Proporciona información confidencial por medio de una petición directa no autenticada para el archivo include/monitoring/recurrentDowntime/GetXMLHost4Services.php. • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html#centreon-web-18-10-8 • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-20327
https://notcve.org/view.php?id=CVE-2019-20327
16 Jan 2020 — Insecure permissions in cwrapper_perl in Centreon Infrastructure Monitoring Software through 19.10 allow local attackers to gain privileges. (cwrapper_perl is a setuid executable allowing execution of Perl scripts with root privileges.) Unos permisos no seguros en cwrapper_perl en Centreon Infrastructure Monitoring Software versiones hasta 19.10, permiten a atacantes locales alcanzar privilegios. (cwrapper_perl es un ejecutable setuid que permite la ejecución de scripts Perl con privilegios root). • https://gist.github.com/Diefunction/9237f46b8659a65ab08de8ec9c258139 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-16195
https://notcve.org/view.php?id=CVE-2019-16195
26 Nov 2019 — Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields. Centreon versiones anteriores a la versión 2.8.30, versiones 18.x anteriores a 18.10.8 y versiones 19.x anteriores a 19.04.5, permite un ataque de tipo XSS por medio de un alias myAccount y campos de nombre. • https://github.com/centreon/centreon/pull/7876 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16194
https://notcve.org/view.php?id=CVE-2019-16194
25 Sep 2019 — SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. Unas vulnerabilidades de inyección SQL en Centreon versiones hasta 19.04, permiten ataques por medio del parámetro svc_id en el archivo include/tracking/status/Services/xml/makeXMLForOneService.php. • https://github.com/centreon/centreon/pull/7862 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •