CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-17647
https://notcve.org/view.php?id=CVE-2019-17647
An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. SQL Injection exists via the include/monitoring/status/Hosts/xml/hostXML.php instance parameter. Se detectó un problema en Centreon versiones anteriores a 2.8.30, 18.10.8, 19.04.5 y 19.10.2. Se presenta una inyección SQL por medio del parámetro instance del archivo include/monitoring/status/Hosts/xml/hostXML.php. • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html#centreon-web-18-10-8 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html#centreon-web-19-04-5 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html#centreon-web-19-10-2 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10/index.html https://documentation.centreon.com/docs/centreon/en/latest/ • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-17645
https://notcve.org/view.php?id=CVE-2019-17645
An issue was discovered in Centreon before 2.8.31, 18.10.9, 19.04.6, and 19.10.3. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/service/refreshMacroAjax.php. Se detectó un problema en Centreon versiones anteriores a 2.8.31, 18.10.9, 19.04.6 y 19.10.3. Proporciona información confidencial por medio de una petición directa no autenticada para el archivo include/configuration/configObject/service/refreshMacroAjax.php • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html#centreon-web-18-10-8 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html#centreon-web-19-04-5 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html#centreon-web-19-10-2 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10/index.html https://documentation.centreon.com/docs/centreon/en/latest/ • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-17644
https://notcve.org/view.php?id=CVE-2019-17644
An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, and 19.10-2.. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/host/refreshMacroAjax.php. Se detectó un problema en Centreon versiones anteriores a 2.8-30, 18.10-8, 19.04-5 y 19.10-2. Proporciona información confidencial por medio de una petición directa no autenticada para el archivo include/configuration/configObject/host/refreshMacroAjax.php. • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10/index.html • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-17643
https://notcve.org/view.php?id=CVE-2019-17643
An issue was discovered in Centreon before 2.8-30,18.10-8, 19.04-5, and 19.10-2. It provides sensitive information via an unauthenticated direct request for include/monitoring/recurrentDowntime/GetXMLHost4Services.php. Se detectó un problema en Centreon versiones anteriores a 2.8-30,18.10-8, 19.04-5 y 19.10-2. Proporciona información confidencial por medio de una petición directa no autenticada para el archivo include/monitoring/recurrentDowntime/GetXMLHost4Services.php. • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html#centreon-web-18-10-8 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html#centreon-web-19-04-5 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html#centreon-web-19-10-2 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html#centreon-web-2-8-30 • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-20327
https://notcve.org/view.php?id=CVE-2019-20327
Insecure permissions in cwrapper_perl in Centreon Infrastructure Monitoring Software through 19.10 allow local attackers to gain privileges. (cwrapper_perl is a setuid executable allowing execution of Perl scripts with root privileges.) Unos permisos no seguros en cwrapper_perl en Centreon Infrastructure Monitoring Software versiones hasta 19.10, permiten a atacantes locales alcanzar privilegios. (cwrapper_perl es un ejecutable setuid que permite la ejecución de scripts Perl con privilegios root). • https://gist.github.com/Diefunction/9237f46b8659a65ab08de8ec9c258139 https://www.centreon.com/en • CWE-732: Incorrect Permission Assignment for Critical Resource •