Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for BI Server by Centreon

CERTFR-2024-AVI-0915

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Centreon. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une injection de code indirecte à distance (XSS).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Centreon	Web	Centreon Web versions 22.x antérieures à 22.10.24
Centreon	BI Server	Centreon BI Server versions 23.10.x antérieures à 23.10.8
Centreon	BI Server	Centreon BI Server versions 24.x antérieures à 24.04.3
Centreon	BI Server	Centreon BI Server versions 22.x antérieures à 22.10.11
Centreon	Web	Centreon Web versions 23.04.x antérieures à 23.04.22
Centreon	Web	Centreon Web versions 24.x antérieures à 24.04.7
Centreon	Web	Centreon Web versions 23.10.x antérieures à 23.10.17
Centreon	BI Server	Centreon BI Server versions 23.04.x antérieures à 23.04.11

References

Title

Publication Time

Tags

Bulletin de sécurité Centreon 13706	2024-10-10	vendor-advisory
Bulletin de sécurité Centreon 13625	2024-10-01	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Centreon Web versions 22.x ant\u00e9rieures \u00e0 22.10.24",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "Centreon BI Server versions 23.10.x ant\u00e9rieures \u00e0 23.10.8",
      "product": {
        "name": "BI Server",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "Centreon BI Server versions 24.x ant\u00e9rieures \u00e0 24.04.3",
      "product": {
        "name": "BI Server",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "Centreon BI Server versions 22.x ant\u00e9rieures \u00e0 22.10.11",
      "product": {
        "name": "BI Server",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "Centreon Web versions 23.04.x ant\u00e9rieures \u00e0 23.04.22",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "Centreon Web versions 24.x ant\u00e9rieures \u00e0 24.04.7",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "Centreon Web versions 23.10.x ant\u00e9rieures \u00e0 23.10.17",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "Centreon BI Server versions 23.04.x ant\u00e9rieures \u00e0 23.04.11",
      "product": {
        "name": "BI Server",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-45754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45754"
    },
    {
      "name": "CVE-2022-31160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
    }
  ],
  "initial_release_date": "2024-10-23T00:00:00",
  "last_revision_date": "2024-10-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0915",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Centreon. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une injection de code indirecte \u00e0 distance (XSS).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Centreon",
  "vendor_advisories": [
    {
      "published_at": "2024-10-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Centreon 13706",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-45754-centreon-mbi-high-severity-3888?postid=13706#post13706"
    },
    {
      "published_at": "2024-10-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Centreon 13625",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3855?postid=13625#post13625"
    }
  ]
}