CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17642
https://notcve.org/view.php?id=CVE-2019-17642
An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. It allows CSRF with resultant remote command execution via shell metacharacters in a POST to centreon-autodiscovery-server/views/scan/ajax/call.php in the Autodiscovery plugin. Se detectó un problema en Centreon versiones anteriores a 18.10.8, 19.10.1 y 19.04.2. Permite un ataque de tipo CSRF con una ejecución de comando remoto resultante por medio de metacaracteres de shell en una POST en el archivo centreon-autodiscovery-server/views/scan/ajax/call.php en el plugin Autodiscovery. • https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/18.10/centreon-auto-discovery-18.10.8.html https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/19.04/centreon-auto-discovery-19.04.2.html https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/19.10/centreon-auto-discovery-19.10.1.html https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-17645
https://notcve.org/view.php?id=CVE-2019-17645
An issue was discovered in Centreon before 2.8.31, 18.10.9, 19.04.6, and 19.10.3. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/service/refreshMacroAjax.php. Se detectó un problema en Centreon versiones anteriores a 2.8.31, 18.10.9, 19.04.6 y 19.10.3. Proporciona información confidencial por medio de una petición directa no autenticada para el archivo include/configuration/configObject/service/refreshMacroAjax.php • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html#centreon-web-18-10-8 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html#centreon-web-19-04-5 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html#centreon-web-19-10-2 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10/index.html https://documentation.centreon.com/docs/centreon/en/latest/ • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-17644
https://notcve.org/view.php?id=CVE-2019-17644
An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, and 19.10-2.. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/host/refreshMacroAjax.php. Se detectó un problema en Centreon versiones anteriores a 2.8-30, 18.10-8, 19.04-5 y 19.10-2. Proporciona información confidencial por medio de una petición directa no autenticada para el archivo include/configuration/configObject/host/refreshMacroAjax.php. • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10/index.html • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-17643
https://notcve.org/view.php?id=CVE-2019-17643
An issue was discovered in Centreon before 2.8-30,18.10-8, 19.04-5, and 19.10-2. It provides sensitive information via an unauthenticated direct request for include/monitoring/recurrentDowntime/GetXMLHost4Services.php. Se detectó un problema en Centreon versiones anteriores a 2.8-30,18.10-8, 19.04-5 y 19.10-2. Proporciona información confidencial por medio de una petición directa no autenticada para el archivo include/monitoring/recurrentDowntime/GetXMLHost4Services.php. • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html#centreon-web-18-10-8 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html#centreon-web-19-04-5 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html#centreon-web-19-10-2 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html#centreon-web-2-8-30 • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 9.0EPSS: 70%CPEs: 1EXPL: 1CVE-2020-9463
https://notcve.org/view.php?id=CVE-2020-9463
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request. Centreon versión 19.10, permite a usuarios autentificados remotos ejecutar comandos arbitrarios del Sistema Operativo por medio de metacaracteres de shell en el campo server_ip en los datos JSON en una petición de api/internal.php?object=centreon_configuration_remote. • https://code610.blogspot.com/2020/02/postauth-rce-in-centreon-1910.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •