Refine your search
68 vulnerabilities found for Web by Centreon
CERTFR-2025-AVI-0943
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Centreon. Elles permettent à un attaquant de provoquer une élévation de privilèges et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | Web versions 24.04.x antérieures à 24.04.16 | ||
| Centreon | MBI | MBI versions 24.04.x antérieures à 24.04.9 | ||
| Centreon | MBI | MBI versions 23.10.x antérieures à 23.10.15 | ||
| Centreon | Web | Web versions 24.10.x antérieures à 24.10.9 | ||
| Centreon | MBI | MBI versions 24.10.x antérieures à 24.10.6 | ||
| Centreon | Web | Web versions 23.10.x antérieures à 23.10.26 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Web versions 24.04.x ant\u00e9rieures \u00e0 24.04.16",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "MBI versions 24.04.x ant\u00e9rieures \u00e0 24.04.9",
"product": {
"name": "MBI",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "MBI versions 23.10.x ant\u00e9rieures \u00e0 23.10.15",
"product": {
"name": "MBI",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 24.10.x ant\u00e9rieures \u00e0 24.10.9",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "MBI versions 24.10.x ant\u00e9rieures \u00e0 24.10.6",
"product": {
"name": "MBI",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 23.10.x ant\u00e9rieures \u00e0 23.10.26",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-8432",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8432"
},
{
"name": "CVE-2025-10023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10023"
}
],
"initial_release_date": "2025-10-31T00:00:00",
"last_revision_date": "2025-10-31T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0943",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-31T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Centreon. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Centreon",
"vendor_advisories": [
{
"published_at": "2025-10-30",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-10023-centreon-web-all-versions-medium-severity-5179",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-10023-centreon-web-all-versions-medium-severity-5179"
},
{
"published_at": "2025-10-30",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-8432-centreon-mbi-high-severity-5180",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8432-centreon-mbi-high-severity-5180"
}
]
}
CERTFR-2025-AVI-0914
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Centreon. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Web versions 24.10.x ant\u00e9rieures \u00e0 24.10.13",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 24.04.x ant\u00e9rieures \u00e0 24.04.18",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 23.10.x ant\u00e9rieures \u00e0 23.10.28",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-54893",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54893"
},
{
"name": "CVE-2025-54892",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54892"
},
{
"name": "CVE-2025-5946",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5946"
},
{
"name": "CVE-2016-10744",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10744"
},
{
"name": "CVE-2025-54889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54889"
},
{
"name": "CVE-2025-8430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8430"
},
{
"name": "CVE-2025-8429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8429"
},
{
"name": "CVE-2025-8459",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8459"
},
{
"name": "CVE-2025-8428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8428"
},
{
"name": "CVE-2025-54891",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54891"
}
],
"initial_release_date": "2025-10-23T00:00:00",
"last_revision_date": "2025-10-23T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0914",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Centreon. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Centreon",
"vendor_advisories": [
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-8430-centreon-web-all-versions-medium-severity-5118",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8430-centreon-web-all-versions-medium-severity-5118"
},
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-54893-centreon-web-all-versions-medium-severity-5120",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-54893-centreon-web-all-versions-medium-severity-5120"
},
{
"published_at": "2025-10-13",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2016-10744-centreon-web-all-versions-medium-severity-5106",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2016-10744-centreon-web-all-versions-medium-severity-5106"
},
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-8429-centreon-web-all-versions-medium-severity-5119",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8429-centreon-web-all-versions-medium-severity-5119"
},
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-8459-centreon-web-all-versions-high-severity-5117",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8459-centreon-web-all-versions-high-severity-5117"
},
{
"published_at": "2025-10-13",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-8428-centreon-web-all-versions-medium-severity-5103",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8428-centreon-web-all-versions-medium-severity-5103"
},
{
"published_at": "2025-10-13",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-5946-centreon-web-all-versions-high-severity-5104",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-5946-centreon-web-all-versions-high-severity-5104"
},
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-54889-centreon-web-all-versions-medium-severity-5123",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-54889-centreon-web-all-versions-medium-severity-5123"
},
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-54891-centreon-web-all-versions-medium-severity-5122",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-54891-centreon-web-all-versions-medium-severity-5122"
},
{
"published_at": "2025-10-13",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon centreon-web-all-versions-medium-severity-5105",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/centreon-web-all-versions-medium-severity-5105"
},
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-54892-centreon-web-all-versions-medium-severity-5121",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-54892-centreon-web-all-versions-medium-severity-5121"
}
]
}
CERTFR-2025-AVI-0900
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Centreon Web. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Web versions 24.10.x ant\u00e9rieures \u00e0 24.10.13",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 24.04.x ant\u00e9rieures \u00e0 24.04.18",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 23.10.x ant\u00e9rieures \u00e0 23.10.28",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-54889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54889"
},
{
"name": "CVE-2025-54891",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54891"
}
],
"initial_release_date": "2025-10-22T00:00:00",
"last_revision_date": "2025-10-22T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0900",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Centreon Web. Elles permettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Centreon Web",
"vendor_advisories": [
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-54891-centreon-web-all-versions-medium-severity-5122",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-54891-centreon-web-all-versions-medium-severity-5122"
},
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-54889-centreon-web-all-versions-medium-severity-5123",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-54889-centreon-web-all-versions-medium-severity-5123"
}
]
}
CERTFR-2025-AVI-0728
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Centreon Web. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Web versions 24.04.x ant\u00e9rieures \u00e0 24.04.17",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 24.10.x ant\u00e9rieures \u00e0 24.10.11",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions ant\u00e9rieures \u00e0 23.10.27",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2025-08-25T00:00:00",
"last_revision_date": "2025-08-25T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0728",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Centreon Web. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans Centreon Web",
"vendor_advisories": [
{
"published_at": "2025-08-25",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon centreon-web-all-versions-high-severity-4935",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/centreon-web-all-versions-high-severity-4935"
}
]
}
CERTFR-2025-AVI-0662
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Centreon. Certaines d'entre elles permettent à un attaquant de provoquer une injection SQL (SQLi), un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | License Manager | License Manager versions antérieures 24.10.x à 24.10.3 | ||
| Centreon | License Manager | License Manager versions antérieures à 23.10.6 | ||
| Centreon | Web | Centreon versions antérieures à 23.10.26 | ||
| Centreon | Web | Centreon versions antérieures 24.04.x à 24.04.16 | ||
| Centreon | License Manager | License Manager versions antérieures 24.04.x à 24.04.5 | ||
| Centreon | Web | Centreon versions antérieures 24.10.x à 24.10.9 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "License Manager versions ant\u00e9rieures 24.10.x \u00e0 24.10.3",
"product": {
"name": "License Manager",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "License Manager versions ant\u00e9rieures \u00e0 23.10.6",
"product": {
"name": "License Manager",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon versions ant\u00e9rieures \u00e0 23.10.26",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon versions ant\u00e9rieures 24.04.x \u00e0 24.04.16",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "License Manager versions ant\u00e9rieures 24.04.x \u00e0 24.04.5",
"product": {
"name": "License Manager",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon versions ant\u00e9rieures 24.10.x \u00e0 24.10.9",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-4650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4650"
},
{
"name": "CVE-2025-6791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6791"
}
],
"initial_release_date": "2025-08-07T00:00:00",
"last_revision_date": "2025-08-07T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0662",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Centreon. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une injection SQL (SQLi), un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Centreon",
"vendor_advisories": [
{
"published_at": "2025-08-07",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-6791-centreon-web-all-versions-high-severity-4900",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-6791-centreon-web-all-versions-high-severity-4900"
},
{
"published_at": "2025-08-07",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-4650-centreon-web-all-versions-high-severity-4901",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-4650-centreon-web-all-versions-high-severity-4901"
},
{
"published_at": "2025-08-07",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon centreon-web-all-versions-high-severity-4899",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/centreon-web-all-versions-high-severity-4899"
},
{
"published_at": "2025-08-07",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon centreon-license-manager-all-versions-high-severity-4904",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/centreon-license-manager-all-versions-high-severity-4904"
}
]
}
CERTFR-2025-AVI-0493
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Centreon. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | MBI | MBI Server versions antérieures à 23.04.23 | ||
| Centreon | Map | Map versions antérieures à 23.04.23 | ||
| Centreon | Map | Map versions antérieures à 24.10.5 | ||
| Centreon | MBI | MBI Engine versions antérieures à 24.10.22 | ||
| Centreon | MBI | MBI Server versions antérieures à 23.10.22 | ||
| Centreon | Web | Web versions antérieures à 23.04.27 | ||
| Centreon | Web | Web versions antérieures à 23.10.22 | ||
| Centreon | Map | Map versions antérieures à 23.10.19 | ||
| Centreon | Map | Map versions antérieures à 24.04.11 | ||
| Centreon | MBI | MBI Engine versions antérieures à 23.04.23 | ||
| Centreon | open tickets | open tickets versions antérieures à 23.10.3 | ||
| Centreon | open tickets | open tickets versions antérieures à 23.04.6 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MBI Server versions ant\u00e9rieures \u00e0 23.04.23",
"product": {
"name": "MBI",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Map versions ant\u00e9rieures \u00e0 23.04.23",
"product": {
"name": "Map",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Map versions ant\u00e9rieures \u00e0 24.10.5",
"product": {
"name": "Map",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "MBI Engine versions ant\u00e9rieures \u00e0 24.10.22",
"product": {
"name": "MBI",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "MBI Server versions ant\u00e9rieures \u00e0 23.10.22",
"product": {
"name": "MBI",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions ant\u00e9rieures \u00e0 23.04.27",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions ant\u00e9rieures \u00e0 23.10.22",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Map versions ant\u00e9rieures \u00e0 23.10.19",
"product": {
"name": "Map",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Map versions ant\u00e9rieures \u00e0 24.04.11",
"product": {
"name": "Map",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "MBI Engine versions ant\u00e9rieures \u00e0 23.04.23",
"product": {
"name": "MBI",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "open tickets versions ant\u00e9rieures \u00e0 23.10.3",
"product": {
"name": "open tickets",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "open tickets versions ant\u00e9rieures \u00e0 23.04.6",
"product": {
"name": "open tickets",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2024-55573",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55573"
},
{
"name": "CVE-2023-28447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28447"
}
],
"initial_release_date": "2025-06-11T00:00:00",
"last_revision_date": "2025-06-11T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0493",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Centreon. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Centreon",
"vendor_advisories": [
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2023-28447-centreon-high-severity-4430",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2023-28447-centreon-high-severity-4430"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2022-46337-centreon-mbi-critical-severity-4744",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2022-46337-centreon-mbi-critical-severity-4744"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon centreon-map-critical-severity-4650",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/centreon-map-critical-severity-4650"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2022-46337-centreon-mbi-critical-severity-4649",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2022-46337-centreon-mbi-critical-severity-4649"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon updated-cve-2023-28447-centreon-high-severity-4652",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/updated-cve-2023-28447-centreon-high-severity-4652"
}
]
}
CERTFR-2024-AVI-1011
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Centreon Web. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | Web versions 24.10.x antérieures à 24.10.0 | ||
| Centreon | Web | Web versions 23.04.x antérieures à 23.04.23 | ||
| Centreon | Web | Web versions 23.10.x antérieures à 23.10.18 | ||
| Centreon | Web | Web versions 22.10.x antérieures à 22.10.26 | ||
| Centreon | Web | Web versions 24.04.x antérieures à 24.04.8 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Web versions 24.10.x ant\u00e9rieures \u00e0 24.10.0",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 23.04.x ant\u00e9rieures \u00e0 23.04.23",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 23.10.x ant\u00e9rieures \u00e0 23.10.18",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 22.10.x ant\u00e9rieures \u00e0 22.10.26",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 24.04.x ant\u00e9rieures \u00e0 24.04.8",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-47863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47863"
}
],
"initial_release_date": "2024-11-22T00:00:00",
"last_revision_date": "2024-11-22T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1011",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Centreon Web. Elle permet \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).",
"title": "Vuln\u00e9rabilit\u00e9 dans Centreon Web",
"vendor_advisories": [
{
"published_at": "2024-11-22",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2024-47863-centreon-web-medium-severity-4059?postid=14456#post14456",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-47863-centreon-web-medium-severity-4059?postid=14456#post14456"
}
]
}
CERTFR-2024-AVI-0915
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Centreon. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | Centreon Web versions 22.x antérieures à 22.10.24 | ||
| Centreon | BI Server | Centreon BI Server versions 23.10.x antérieures à 23.10.8 | ||
| Centreon | BI Server | Centreon BI Server versions 24.x antérieures à 24.04.3 | ||
| Centreon | BI Server | Centreon BI Server versions 22.x antérieures à 22.10.11 | ||
| Centreon | Web | Centreon Web versions 23.04.x antérieures à 23.04.22 | ||
| Centreon | Web | Centreon Web versions 24.x antérieures à 24.04.7 | ||
| Centreon | Web | Centreon Web versions 23.10.x antérieures à 23.10.17 | ||
| Centreon | BI Server | Centreon BI Server versions 23.04.x antérieures à 23.04.11 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Centreon Web versions 22.x ant\u00e9rieures \u00e0 22.10.24",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon BI Server versions 23.10.x ant\u00e9rieures \u00e0 23.10.8",
"product": {
"name": "BI Server",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon BI Server versions 24.x ant\u00e9rieures \u00e0 24.04.3",
"product": {
"name": "BI Server",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon BI Server versions 22.x ant\u00e9rieures \u00e0 22.10.11",
"product": {
"name": "BI Server",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 23.04.x ant\u00e9rieures \u00e0 23.04.22",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 24.x ant\u00e9rieures \u00e0 24.04.7",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 23.10.x ant\u00e9rieures \u00e0 23.10.17",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon BI Server versions 23.04.x ant\u00e9rieures \u00e0 23.04.11",
"product": {
"name": "BI Server",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-45754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45754"
},
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
}
],
"initial_release_date": "2024-10-23T00:00:00",
"last_revision_date": "2024-10-23T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0915",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Centreon. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Centreon",
"vendor_advisories": [
{
"published_at": "2024-10-10",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon 13706",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-45754-centreon-mbi-high-severity-3888?postid=13706#post13706"
},
{
"published_at": "2024-10-01",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon 13625",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3855?postid=13625#post13625"
}
]
}
CERTFR-2024-AVI-0743
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Centreon web. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Centreon Web versions 24.04.x ant\u00e9rieures \u00e0 24.04.3",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 23.04.x ant\u00e9rieures \u00e0 23.04.19",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 22.10.x ant\u00e9rieures \u00e0 22.10.23",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 23.10.x ant\u00e9rieures \u00e0 23.10.13",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-32501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32501"
},
{
"name": "CVE-2024-33852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33852"
},
{
"name": "CVE-2024-33853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33853"
},
{
"name": "CVE-2024-33854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33854"
},
{
"name": "CVE-2024-5725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5725"
},
{
"name": "CVE-2024-39841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39841"
}
],
"initial_release_date": "2024-09-05T00:00:00",
"last_revision_date": "2024-09-05T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0743",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Centreon web. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Centreon Web",
"vendor_advisories": [
{
"published_at": "2024-08-22",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon web 3744",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744"
}
]
}
CERTFR-2024-AVI-0009
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Centreon Web. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Centreon Web versions 22.10.x ant\u00e9rieures \u00e0 22.10.17",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 23.04.x ant\u00e9rieures \u00e0 23.04.13",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 23.10.x ant\u00e9rieures \u00e0 23.10.5",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions ant\u00e9rieures \u00e0 22.04.19",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2024-01-05T00:00:00",
"last_revision_date": "2024-01-05T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0009",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Centreon Web. Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Centreon Web",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Centreon du 04 janvier 2024",
"url": "https://support.centreon.com/hc/en-us/articles/21413079841809-Security-bulletin-for-Centreon-Web"
}
]
}
CERTFR-2019-AVI-014
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | SRC Series Application Server et Web Administrator versions antérieures à 4.12.0-R1 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1 sur vMX Series | ||
| Juniper Networks | Junos OS | Junos OS versions 14.1X53, 15.1, 15.1X53, 16.1, 17.1, 17.2, 17.3, 17.4, 18.1 sur EX2300/EX3400, EX2300/EX3400 series, EX4600, QFX3K series, QFX5200/QFX5110 series et QFX5k series | ||
| Juniper Networks | Junos OS | Junos OS versions 14.1X53, 15.1, 15.1X53 sur EX Virtual Chassis Platforms, MX Virtual Chassis Platforms et QFX Virtual Chassis Platforms | ||
| Juniper Networks | Junos OS | Junos OS versions 12.1X46, 12.3, 12.3X48, 14.1X53, 15.1, 15.1F, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2 et 18.2X75 | ||
| N/A | N/A | Juniper ATP | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1X53, 18.1, 18.2 sur EX2300 et EX3400 series | ||
| Juniper Networks | Junos OS | Junos OS versions 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2 sur MX Series | ||
| Juniper Networks | Junos OS | Junos OS versions 12.3X48, 15.1X49, 17.3, 17.4, 18.1 et 18.2 sur SRX Series | ||
| Juniper Networks | Junos Space | Junos Space | ||
| Juniper Networks | Junos OS | Junos OS versions 12.1X46, 12.3X48, 15.1X49 sur SRX Series | ||
| Juniper Networks | Junos OS | Tous produits et toutes plateformes exécutant Junos OS | ||
| Juniper Networks | Junos OS | Junos OS versions 17.2X75, 17.4, 18.1 et 18.2 sur QFX et PTX Series |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SRC Series Application Server et Web Administrator versions ant\u00e9rieures \u00e0 4.12.0-R1",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1 sur vMX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 14.1X53, 15.1, 15.1X53, 16.1, 17.1, 17.2, 17.3, 17.4, 18.1 sur EX2300/EX3400, EX2300/EX3400 series, EX4600, QFX3K series, QFX5200/QFX5110 series et QFX5k series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 14.1X53, 15.1, 15.1X53 sur EX Virtual Chassis Platforms, MX Virtual Chassis Platforms et QFX Virtual Chassis Platforms",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.1X46, 12.3, 12.3X48, 14.1X53, 15.1, 15.1F, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2 et 18.2X75",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper ATP",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1X53, 18.1, 18.2 sur EX2300 et EX3400 series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2 sur MX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.3X48, 15.1X49, 17.3, 17.4, 18.1 et 18.2 sur SRX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.1X46, 12.3X48, 15.1X49 sur SRX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Tous produits et toutes plateformes ex\u00e9cutant Junos OS",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 17.2X75, 17.4, 18.1 et 18.2 sur QFX et PTX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-0010",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0010"
},
{
"name": "CVE-2018-10901",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10901"
},
{
"name": "CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2018-5683",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
},
{
"name": "CVE-2019-0003",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0003"
},
{
"name": "CVE-2019-0007",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0007"
},
{
"name": "CVE-2018-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5391"
},
{
"name": "CVE-2017-13672",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
},
{
"name": "CVE-2017-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0861"
},
{
"name": "CVE-2018-7566",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7566"
},
{
"name": "CVE-2019-0027",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0027"
},
{
"name": "CVE-2019-0030",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0030"
},
{
"name": "CVE-2017-1000379",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000379"
},
{
"name": "CVE-2019-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0001"
},
{
"name": "CVE-2018-14634",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14634"
},
{
"name": "CVE-2019-0002",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0002"
},
{
"name": "CVE-2019-0013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0013"
},
{
"name": "CVE-2019-0023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0023"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2018-10675",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10675"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2017-3137",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3137"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2016-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3705"
},
{
"name": "CVE-2017-3142",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3142"
},
{
"name": "CVE-2018-10872",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10872"
},
{
"name": "CVE-2019-0015",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0015"
},
{
"name": "CVE-2019-0005",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0005"
},
{
"name": "CVE-2019-0009",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0009"
},
{
"name": "CVE-2018-7858",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
},
{
"name": "CVE-2019-0024",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0024"
},
{
"name": "CVE-2019-0025",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0025"
},
{
"name": "CVE-2017-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3143"
},
{
"name": "CVE-2018-3620",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3620"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2019-0011",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0011"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2017-15265",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15265"
},
{
"name": "CVE-2019-0012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0012"
},
{
"name": "CVE-2017-11610",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11610"
},
{
"name": "CVE-2018-5748",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5748"
},
{
"name": "CVE-2019-0004",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0004"
},
{
"name": "CVE-2019-0017",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0017"
},
{
"name": "CVE-2018-1126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
},
{
"name": "CVE-2018-3665",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3665"
},
{
"name": "CVE-2017-1000366",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000366"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2018-12020",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12020"
},
{
"name": "CVE-2018-5390",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5390"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2018-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12384"
},
{
"name": "CVE-2018-10897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
},
{
"name": "CVE-2019-0021",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0021"
},
{
"name": "CVE-2018-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
},
{
"name": "CVE-2019-0016",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0016"
},
{
"name": "CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"name": "CVE-2018-8897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8897"
},
{
"name": "CVE-2019-0022",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0022"
},
{
"name": "CVE-2017-1000364",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000364"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2018-1050",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1050"
},
{
"name": "CVE-2019-0014",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0014"
},
{
"name": "CVE-2018-3693",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3693"
},
{
"name": "CVE-2018-10911",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10911"
},
{
"name": "CVE-2019-0026",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0026"
},
{
"name": "CVE-2019-0029",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0029"
},
{
"name": "CVE-2019-0020",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0020"
},
{
"name": "CVE-2018-5740",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5740"
},
{
"name": "CVE-2017-2619",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2619"
},
{
"name": "CVE-2019-0018",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0018"
},
{
"name": "CVE-2018-1000004",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000004"
},
{
"name": "CVE-2019-0006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0006"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2017-3136",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3136"
},
{
"name": "CVE-2011-3389",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
},
{
"name": "CVE-2017-3145",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3145"
},
{
"name": "CVE-2018-1064",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1064"
},
{
"name": "CVE-2018-10301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10301"
}
],
"initial_release_date": "2019-01-10T00:00:00",
"last_revision_date": "2019-01-10T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-014",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10906 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10906\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10910 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10910\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10911 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10911\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10907 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10907\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10912 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10912\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10913 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10913\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10919 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10919\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10905 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10905\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10902 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10902\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10917 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10917\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10904 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10904\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10915 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10915\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10916 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10916\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10914 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10914\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10900 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10900\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10909 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10909\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10901 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10901\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10918 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10918\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10903 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10903\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2018-AVI-325
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans TenableCore Web Application Scanner. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Web Application Scanner versions ant\u00e9rieures \u00e0 v20180328",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-1111",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1111"
}
],
"initial_release_date": "2018-07-06T00:00:00",
"last_revision_date": "2018-07-06T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-325",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-07-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans TenableCore Web Application\nScanner. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans TenableCore Web Application Scanner",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2018-10 du 05 juillet 2018",
"url": "https://www.tenable.com/security/tns-2018-10"
}
]
}
CERTFR-2018-AVI-073
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans SCADA CODESYS Web Server. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tous syst\u00e8mes Microsoft Windows (incluant WinCE) utilisant CODESYS V2.3 web servers en tant qu\u0027application isol\u00e9e ou au sein du syst\u00e8me CODESYS runtime versions ant\u00e9rieures \u00e0 V1.1.9.19",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-5440",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5440"
}
],
"initial_release_date": "2018-02-07T00:00:00",
"last_revision_date": "2018-02-07T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-073",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-02-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans SCADA CODESYS Web Server. Elle\npermet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0\ndistance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans SCADA CODESYS Web Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 CODESYS LCDS-282 du 2 f\u00e9vrier 2018",
"url": "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-01_LCDS-282.pdf"
}
]
}
CERTFR-2015-AVI-230
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les systèmes SCADA Schneider. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Schneider VAMPSET versions 2.2.145 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Schneider InduSoft Web Studio versions 7.1.3.4 et ant\u00e9rieures",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2015-05-19T00:00:00",
"last_revision_date": "2015-05-19T00:00:00",
"links": [],
"reference": "CERTFR-2015-AVI-230",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-05-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les syst\u00e8mes SCADA\n\u003cspan class=\"textit\"\u003eSchneider\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les syst\u00e8mes SCADA Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider du 25 mars 2015",
"url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2015-084-01\u0026p_EnDocType=Brochure\u0026p_File_Id=768378039\u0026p_File_Name=SEVD-2015-084-01+VAMPSET+Software.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider du 10 avril 2015",
"url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2015-100-01\u0026p_EnDocType=Brochure\u0026p_File_Id=782213040\u0026p_File_Name=SEVD-2015-100-01+InduSoft+Web+Studio_signed.pdf"
}
]
}
CERTFR-2015-AVI-007
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans EMC Documentum Web Development Kit. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | EMC Engineering Plant Facilities Management Solution for Documentum versions 1.7 SP1 et supérieures | ||
| Centreon | Web | EMC Records Client versions 6.7 SP2 et supérieures | ||
| Centreon | Web | EMC Digital Assets Manager versions 6.5 SP6 et supérieures | ||
| Centreon | Web | EMC Capital Projects versions 1.9 et supérieures | ||
| Centreon | Web | EMC WebTop versions 6.7 SP2 et supérieures | ||
| Centreon | Web | EMC Task Space versions 6.7 SP2 et supérieures | ||
| Centreon | Web | EMC Web Publishers versions 6.5 SP7 et supérieures | ||
| Centreon | Web | EMC Documentum Administrator versions 7.1 et supérieures |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "EMC Engineering Plant Facilities Management Solution for Documentum versions 1.7 SP1 et sup\u00e9rieures",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Records Client versions 6.7 SP2 et sup\u00e9rieures",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Digital Assets Manager versions 6.5 SP6 et sup\u00e9rieures",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Capital Projects versions 1.9 et sup\u00e9rieures",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC WebTop versions 6.7 SP2 et sup\u00e9rieures",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Task Space versions 6.7 SP2 et sup\u00e9rieures",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Web Publishers versions 6.5 SP7 et sup\u00e9rieures",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Documentum Administrator versions 7.1 et sup\u00e9rieures",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-4636",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4636"
},
{
"name": "CVE-2014-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4639"
},
{
"name": "CVE-2014-4635",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4635"
},
{
"name": "CVE-2014-4637",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4637"
},
{
"name": "CVE-2014-4638",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4638"
}
],
"initial_release_date": "2015-01-06T00:00:00",
"last_revision_date": "2015-01-06T00:00:00",
"links": [],
"reference": "CERTFR-2015-AVI-007",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-01-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eEMC Documentum Web Development Kit\u003c/span\u003e. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans EMC Documentum Web Development Kit",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 EMC ESA-2014-180 du 06 janvier 2015",
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/att-0009/ESA-2014-180.txt"
}
]
}
CERTFR-2014-AVI-362
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans EMC Documentum. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | N/A | EMC Documentum Capital Projects | ||
| Centreon | N/A | EMC Documentum Administrator | ||
| N/A | N/A | EMC Documentum Digital Asset Manager | ||
| Centreon | N/A | EMC Documentum Content Server | ||
| Centreon | Web | EMC Documentum Web Publisher | ||
| Centreon | N/A | EMC Documentum Engineering Plant Facilities Management Solution | ||
| N/A | N/A | EMC Documentum D2 | ||
| N/A | N/A | EMC Documentum Webtop | ||
| N/A | N/A | EMC Documentum Taskspace | ||
| Centreon | N/A | EMC Documentum WDK | ||
| N/A | N/A | EMC Documentum Records Manager | ||
| Centreon | N/A | EMC Documentum Records Client |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "EMC Documentum Capital Projects",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Documentum Administrator",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Documentum Digital Asset Manager",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EMC Documentum Content Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Documentum Web Publisher",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Documentum Engineering Plant Facilities Management Solution",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Documentum D2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EMC Documentum Webtop",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EMC Documentum Taskspace",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EMC Documentum WDK",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Documentum Records Manager",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EMC Documentum Records Client",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-2521",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2521"
},
{
"name": "CVE-2014-4618",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4618"
},
{
"name": "CVE-2014-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2511"
},
{
"name": "CVE-2014-2515",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2515"
},
{
"name": "CVE-2014-0221",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0221"
},
{
"name": "CVE-2014-0195",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0195"
},
{
"name": "CVE-2014-2518",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2518"
},
{
"name": "CVE-2014-0224",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
},
{
"name": "CVE-2014-3470",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3470"
},
{
"name": "CVE-2014-0076",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0076"
},
{
"name": "CVE-2010-5298",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-5298"
},
{
"name": "CVE-2014-2520",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2520"
},
{
"name": "CVE-2014-0198",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0198"
}
],
"initial_release_date": "2014-08-20T00:00:00",
"last_revision_date": "2014-08-20T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-362",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-08-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eEMC Documentum\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans EMC Documentum",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 EMC ESA-2014-067 du 20 ao\u00fbt 2014",
"url": "http://seclists.org/bugtraq/2014/Aug/att-92/ESA-2014-067.txt"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 EMC ESA-2014-079 du 20 ao\u00fbt 2014",
"url": "http://seclists.org/bugtraq/2014/Aug/att-93/ESA-2014-079.txt"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 EMC ESA-2014-073 du 20 ao\u00fbt 2014",
"url": "http://seclists.org/bugtraq/2014/Aug/att-90/ESA-2014-073.txt"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 EMC ESA-2014-059 du 20 ao\u00fbt 2014",
"url": "http://seclists.org/bugtraq/2014/Aug/att-91/ESA-2014-059.txt"
}
]
}
CERTA-2013-AVI-319
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans EMC RSA SecurID. Elle permet à un attaquant de provoquer une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | RSA Web Agent for Apache Web Server versions antérieures à 5.3.5 | ||
| Microsoft | Windows | RSA Agent pour Microsoft Windows versions antérieures à 6.1.4 | ||
| N/A | N/A | RSA Authentication API versions antérieures à 8.1 SP1 | ||
| N/A | N/A | RSA PAM Agent versions antérieures à 7.0 | ||
| Centreon | Web | RSA Web Agent for IIS versions antérieures à 5.3.5 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "RSA Web Agent for Apache Web Server versions ant\u00e9rieures \u00e0 5.3.5",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "RSA Agent pour Microsoft Windows versions ant\u00e9rieures \u00e0 6.1.4",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "RSA Authentication API versions ant\u00e9rieures \u00e0 8.1 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "RSA PAM Agent versions ant\u00e9rieures \u00e0 7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "RSA Web Agent for IIS versions ant\u00e9rieures \u00e0 5.3.5",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-0941",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0941"
}
],
"initial_release_date": "2013-05-21T00:00:00",
"last_revision_date": "2013-05-21T00:00:00",
"links": [],
"reference": "CERTA-2013-AVI-319",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-05-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eEMC RSA\nSecurID\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans EMC RSA SecurID",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 EMC ESA-2013-029 du 16 mai 2013",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/att-0064/ESA-2013-029.txt"
}
]
}
CERTA-2013-AVI-141
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Hitachi. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Hitachi Tuning Manager Software versions ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Hitachi JP1/Performance Management - Web Console versions ant\u00e9rieures \u00e0 09-00-03",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2013-02-19T00:00:00",
"last_revision_date": "2013-02-19T00:00:00",
"links": [],
"reference": "CERTA-2013-AVI-141",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-02-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eHitachi\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Hitachi",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Hitachi HS13-003 du 18 f\u00e9vrier 2013",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-003/index.html"
}
]
}
CERTA-2013-AVI-064
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Barracuda Networks. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | Barracuda Web Filter versions antérieures à 2.0.5 | ||
| Centreon | N/A | Barracuda Message Archiver versions antérieures à 2.0.5 | ||
| Centreon | N/A | Barracuda Virus Firewall versions antérieures à 2.0.5 | ||
| Centreon | N/A | Barracuda Link Balancer versions antérieures à 2.0.5 | ||
| Centreon | N/A | Barracuda Load Balancer versions antérieures à 2.0.5 | ||
| Centreon | Web | Barracuda Web Application Firewall versions antérieures à 2.0.5 | ||
| Centreon | N/A | Barracuda Spam versions antérieures à 2.0.5 | ||
| Centreon | N/A | Barracuda SSL VPN versions antérieures à 2.0.5 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Barracuda Web Filter versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Barracuda Message Archiver versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Barracuda Virus Firewall versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Barracuda Link Balancer versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Barracuda Load Balancer versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Barracuda Web Application Firewall versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Barracuda Spam versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Barracuda SSL VPN versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2013-01-25T00:00:00",
"last_revision_date": "2013-01-25T00:00:00",
"links": [],
"reference": "CERTA-2013-AVI-064",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-01-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eBarracuda Networks\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Barracuda Networks",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Barracuda Networks du 23 janvier 2013",
"url": "https://www.barracudanetworks.com/support/techalerts"
}
]
}
CERTA-2012-AVI-696
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Hitachi. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Cosminexus version 5 | ||
| Centreon | Web | Hitachi Web Server de la version 04-00 à la version 04-20 | ||
| Centreon | N/A | Cosminexus version 7 | ||
| N/A | N/A | Cosminexus version 9 | ||
| Centreon | Web | Hitachi Web Server de la version 02-00 à la version 02-04 | ||
| Centreon | N/A | Cosminexus version 8 | ||
| Centreon | Web | Hitachi Web Server de la version 03-00 à la version 03-10 | ||
| N/A | N/A | Cosminexus version 6 | ||
| N/A | N/A | Cosminexus version 6.7 | ||
| Apache | HTTP Server | Cosminexus HTTP Server version 09-00 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cosminexus version 5",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Hitachi Web Server de la version 04-00 \u00e0 la version 04-20",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Cosminexus version 7",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Cosminexus version 9",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Hitachi Web Server de la version 02-00 \u00e0 la version 02-04",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Cosminexus version 8",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Hitachi Web Server de la version 03-00 \u00e0 la version 03-10",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Cosminexus version 6",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Cosminexus version 6.7",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Cosminexus HTTP Server version 09-00",
"product": {
"name": "HTTP Server",
"vendor": {
"name": "Apache",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2687",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2687"
}
],
"initial_release_date": "2012-12-03T00:00:00",
"last_revision_date": "2012-12-03T00:00:00",
"links": [],
"reference": "CERTA-2012-AVI-696",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-12-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eHitachi\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Hitachi",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Hitachi HS12-028 du 28 novembre 2012",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-028/index.html"
}
]
}
CERTA-2012-AVI-486
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans l'ActiveX InduSoft ISSymbol. Elle concerne un débordement de mémoire tampon pouvant être utilisé par un utilisateur malveillant pour exécuter du code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "InduSoft ISSymbol ActiveX Control (Build 301.1009.2904.0) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "InduSoft Web Studio version 7.0B2.",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "InduSoft Thin Client version 7.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0340"
}
],
"initial_release_date": "2012-09-06T00:00:00",
"last_revision_date": "2012-09-06T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 InduSoft du 05 septembre 2012 :",
"url": "http://www.indusoft.com/hotfixes/hotfixes.php"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 ICS-CERT ICSA-12-249-03 du 05 septembre 2012 :",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-249-03.pdf"
}
],
"reference": "CERTA-2012-AVI-486",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-09-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans l\u0027\u003cspan\nclass=\"textit\"\u003eActiveX\u003c/span\u003e \u003cspan class=\"textit\"\u003eInduSoft\nISSymbol\u003c/span\u003e. Elle concerne un d\u00e9bordement de m\u00e9moire tampon pouvant\n\u00eatre utilis\u00e9 par un utilisateur malveillant pour ex\u00e9cuter du code\narbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans le syst\u00e8me SCADA InduSoft ISSymbol",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ICS-CERT ICSA-12-249-03 du 05 septembre 2012",
"url": null
}
]
}
CERTA-2012-AVI-466
Vulnerability from certfr_avis
Une vulnérabilité dans les produits EMC ApplicationXtender a été corrigée. Elle permet à un attaquant de téléverser des fichiers arbitraires sur le système. Ceux-ci peuvent ensuite être utilisés pour exécuter du code arbitraire à distance sur ce système.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "EMC ApplicationXtender Web Access .NET versions 6.5 P1 et pr\u00e9c\u00e9dentes.",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC ApplicationXtender Desktop versions 6.5 P1 et pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2289",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2289"
}
],
"initial_release_date": "2012-08-28T00:00:00",
"last_revision_date": "2012-08-28T00:00:00",
"links": [],
"reference": "CERTA-2012-AVI-466",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-08-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans les produits EMC ApplicationXtender a \u00e9t\u00e9\ncorrig\u00e9e. Elle permet \u00e0 un attaquant de t\u00e9l\u00e9verser des fichiers\narbitraires sur le syst\u00e8me. Ceux-ci peuvent ensuite \u00eatre utilis\u00e9s pour\nex\u00e9cuter du code arbitraire \u00e0 distance sur ce syst\u00e8me.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits EMC ApplicationXtender",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 EMC ESA-2012-039 du 23 ao\u00fbt 2012",
"url": "http://seclists.org/bugtraq/2012/Aug/att-167/ESA-2012-039.txt"
}
]
}
CERTA-2012-AVI-451
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans HP Service Manager Web Tier et HP Service Center Web Tier. Cette vulnérabilité permet à un utilisateur malintentionné d'effectuer de l'injection de code indirecte à distance (cross-site-scripting).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "HP Service Manager Web Tier 9.30, 9.21 et 7.11 ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "HP Service Center Web Tier 6.28.",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-3251",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3251"
}
],
"initial_release_date": "2012-08-20T00:00:00",
"last_revision_date": "2012-08-20T00:00:00",
"links": [],
"reference": "CERTA-2012-AVI-451",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-08-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eHP Service\nManager Web Tier\u003c/span\u003e et \u003cspan class=\"textit\"\u003eHP Service Center Web\nTier\u003c/span\u003e. Cette vuln\u00e9rabilit\u00e9 permet \u00e0 un utilisateur malintentionn\u00e9\nd\u0027effectuer de l\u0027injection de code indirecte \u00e0 distance \u003cspan\nclass=\"textit\"\u003e(cross-site-scripting)\u003c/span\u003e.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans HP Service Manager Web Tier et HP Service Center Tier",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 HP c03450382 du 13 ao\u00fbt 2012",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03450382"
}
]
}
CERTA-2012-AVI-219
Vulnerability from certfr_avis
De multiples vulnérabilités ont étés corrigées dans HP OpenVMS. Ces vulnérabilités affectent plusieurs éléments du produit. Elles permettent de contourner des politiques de sécurité, de s'élever des privilèges, d'effectuer des modifications non autorisées, de causer des dénis de service et d'accéder à des informations non permises.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | HP Secure Web Server (SWS) pour OpenVMS utilisant CSWS_JAVA V3.1 et antérieures ; | ||
| Centreon | N/A | HP OpenVMS utilisant V7.3-2 Alpha, V8.3 Alpha/IA64, V8.3-1h1 IA64 et V8.4 Alpha/IA64. | ||
| Centreon | N/A | HP Secure Web Server (SWS) pour OpenVMS utilisant PHP V2.2 et antérieures ; |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "HP Secure Web Server (SWS) pour OpenVMS utilisant CSWS_JAVA V3.1 et ant\u00e9rieures ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "HP OpenVMS utilisant V7.3-2 Alpha, V8.3 Alpha/IA64, V8.3-1h1 IA64 et V8.4 Alpha/IA64.",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "HP Secure Web Server (SWS) pour OpenVMS utilisant PHP V2.2 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-2202",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2202"
},
{
"name": "CVE-2010-3870",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3870"
},
{
"name": "CVE-2010-4476",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4476"
},
{
"name": "CVE-2010-4697",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4697"
},
{
"name": "CVE-2010-3709",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3709"
},
{
"name": "CVE-2011-2729",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2729"
},
{
"name": "CVE-2011-0421",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0421"
},
{
"name": "CVE-2011-3190",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3190"
},
{
"name": "CVE-2010-3710",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3710"
},
{
"name": "CVE-2010-2100",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2100"
},
{
"name": "CVE-2010-2484",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2484"
},
{
"name": "CVE-2009-2901",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2901"
},
{
"name": "CVE-2010-2531",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2531"
},
{
"name": "CVE-2009-2693",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2693"
},
{
"name": "CVE-2009-2902",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2902"
},
{
"name": "CVE-2010-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4645"
},
{
"name": "CVE-2012-0134",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0134"
},
{
"name": "CVE-2009-0580",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
},
{
"name": "CVE-2011-0752",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0752"
},
{
"name": "CVE-2009-3555",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
},
{
"name": "CVE-2011-1092",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1092"
},
{
"name": "CVE-2010-1864",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1864"
},
{
"name": "CVE-2011-0708",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0708"
},
{
"name": "CVE-2011-1184",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1184"
},
{
"name": "CVE-2011-2526",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2526"
},
{
"name": "CVE-2011-1148",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1148"
},
{
"name": "CVE-2009-3548",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3548"
},
{
"name": "CVE-2010-2191",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2191"
},
{
"name": "CVE-2010-2101",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2101"
},
{
"name": "CVE-2009-0033",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
},
{
"name": "CVE-2006-7243",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-7243"
},
{
"name": "CVE-2009-0781",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0781"
},
{
"name": "CVE-2010-4698",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4698"
},
{
"name": "CVE-2010-2225",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2225"
},
{
"name": "CVE-2010-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2097"
},
{
"name": "CVE-2011-1464",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1464"
},
{
"name": "CVE-2011-4885",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4885"
},
{
"name": "CVE-2010-1860",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1860"
},
{
"name": "CVE-2010-2190",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2190"
},
{
"name": "CVE-2011-2204",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2204"
},
{
"name": "CVE-2010-1157",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1157"
},
{
"name": "CVE-2010-4150",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4150"
},
{
"name": "CVE-2011-1938",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1938"
},
{
"name": "CVE-2010-1862",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1862"
}
],
"initial_release_date": "2012-04-18T00:00:00",
"last_revision_date": "2012-04-18T00:00:00",
"links": [],
"reference": "CERTA-2012-AVI-219",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-04-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9s corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eHP OpenVMS\u003c/span\u003e. Ces vuln\u00e9rabilit\u00e9s affectent plusieurs\n\u00e9l\u00e9ments du produit. Elles permettent de contourner des politiques de\ns\u00e9curit\u00e9, de s\u0027\u00e9lever des privil\u00e8ges, d\u0027effectuer des modifications non\nautoris\u00e9es, de causer des d\u00e9nis de service et d\u0027acc\u00e9der \u00e0 des\ninformations non permises.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans HP OpenVMS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 HP c03281867 du 16 avril 2012",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03281867"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 HP c03281831 du 16 avril 2012",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03281831"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 HP c03281869 du 16 avril 2012",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03281869"
}
]
}
CVE-2025-6791 (GCVE-0-2025-6791)
Vulnerability from nvd
Published
2025-08-22 18:56
Modified
2025-09-16 19:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon web (Monitoring event logs modules) allows SQL Injection.This issue affects web: 24.10.0, 24.04.0, 23.10.0.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6791",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-22T20:11:47.445230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T20:12:00.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Monitoring event logs"
],
"product": "web",
"vendor": "Centreon",
"versions": [
{
"lessThan": "24.10.9",
"status": "affected",
"version": "24.10.0",
"versionType": "custom"
},
{
"lessThan": "24.04.16",
"status": "affected",
"version": "24.04.0",
"versionType": "custom"
},
{
"lessThan": "23.10.26",
"status": "affected",
"version": "23.10.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SpawnZii by YesWeHack"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Centreon web (Monitoring event logs modules) allows SQL Injection.\u003cp\u003eThis issue affects web: 24.10.0, 24.04.0, 23.10.0.\u003c/p\u003e"
}
],
"value": "In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Centreon web (Monitoring event logs modules) allows SQL Injection.This issue affects web: 24.10.0, 24.04.0, 23.10.0."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T19:27:33.378Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://github.com/centreon/centreon/releases"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-6791-centreon-web-all-versions-high-severity-4900"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Second order SQL injection available to user with low privilege",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-6791",
"datePublished": "2025-08-22T18:56:28.027Z",
"dateReserved": "2025-06-27T14:34:22.260Z",
"dateUpdated": "2025-09-16T19:27:33.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4650 (GCVE-0-2025-4650)
Vulnerability from nvd
Published
2025-08-22 18:50
Modified
2025-08-22 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4650",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-22T19:01:00.491601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T19:01:11.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Meta service indicator page"
],
"product": "web",
"vendor": "Centreon",
"versions": [
{
"lessThan": "24.10.9",
"status": "affected",
"version": "24.10.0",
"versionType": "semver"
},
{
"lessThan": "24.04.16",
"status": "affected",
"version": "24.04.0",
"versionType": "semver"
},
{
"lessThan": "23.10.26",
"status": "affected",
"version": "23.10.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SpawnZii for YesWeHack"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.\u003cp\u003eThis issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26.\u003c/p\u003e"
}
],
"value": "User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T18:56:49.007Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://github.com/centreon/centreon/releases"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-4650-centreon-web-all-versions-high-severity-4901"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "User with high privileges is able to introduce a SQLi using the Meta Service indicator page",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-4650",
"datePublished": "2025-08-22T18:50:42.034Z",
"dateReserved": "2025-05-13T11:40:55.019Z",
"dateUpdated": "2025-08-22T19:01:11.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4649 (GCVE-0-2025-4649)
Vulnerability from nvd
Published
2025-05-13 11:40
Modified
2025-10-15 13:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Summary
Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation.
ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs.
This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4649",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:04:27.568609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:04:49.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "web",
"vendor": "Centreon",
"versions": [
{
"lessThan": "24.10.4",
"status": "affected",
"version": "24.10.3",
"versionType": "semver"
},
{
"lessThan": "24.04.10",
"status": "affected",
"version": "24.04.09",
"versionType": "semver"
},
{
"lessThan": "23.10.21",
"status": "affected",
"version": "23.10.19",
"versionType": "semver"
},
{
"lessThan": "23.04.26",
"status": "affected",
"version": "23.04.24",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Benoit Poulet"
}
],
"datePublic": "2025-02-10T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation.\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eACL are not correctly taken into account in the display of the \"event logs\" page. This page requiring, high privileges, will display all available logs.\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.\u003c/p\u003e"
}
],
"value": "Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation.\n\n\n\nACL are not correctly taken into account in the display of the \"event logs\" page. This page requiring, high privileges, will display all available logs.\nThis issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T13:05:23.113Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/centreon-web-medium-severity-4349"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/centreon/centreon/releases"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ACL are not correctly taken into account in the display of the \"event logs\" page. This page requiring, high privileges, will display all available logs.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-4649",
"datePublished": "2025-05-13T11:40:23.198Z",
"dateReserved": "2025-05-13T09:47:58.210Z",
"dateUpdated": "2025-10-15T13:05:23.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4648 (GCVE-0-2025-4648)
Vulnerability from nvd
Published
2025-05-13 09:45
Modified
2025-10-08 10:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
The content of a SVG file, received as input
in Centreon web, was not properly checked. Allows Reflected XSS.
A user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request.
This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4648",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:08:07.876396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:08:24.187Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "web",
"vendor": "Centreon",
"versions": [
{
"lessThan": "24.10.5",
"status": "affected",
"version": "24.10.0",
"versionType": "semver"
},
{
"lessThan": "24.04.11",
"status": "affected",
"version": "24.04.0",
"versionType": "semver"
},
{
"lessThan": "23.10.22",
"status": "affected",
"version": "23.10.0",
"versionType": "semver"
},
{
"lessThan": "23.04.27",
"status": "affected",
"version": "23.04.0",
"versionType": "semver"
},
{
"lessThan": "22.10.29",
"status": "affected",
"version": "22.10.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SpawnZii working with YesWeHack"
}
],
"datePublic": "2025-03-12T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The content of a SVG file, received as input \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ein Centreon web\u003c/span\u003e, was not properly checked. Allows Reflected XSS.\u003cbr\u003eA user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request.\u003cbr\u003e\u003cp\u003eThis issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.\u003c/p\u003e"
}
],
"value": "The content of a SVG file, received as input \n\nin Centreon web, was not properly checked. Allows Reflected XSS.\nA user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request.\nThis issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T10:07:58.081Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55575-centreon-web-high-severity-4434"
},
{
"url": "https://github.com/centreon/centreon/releases"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-4648",
"datePublished": "2025-05-13T09:45:41.519Z",
"dateReserved": "2025-05-13T09:32:38.704Z",
"dateUpdated": "2025-10-08T10:07:58.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4647 (GCVE-0-2025-4647)
Vulnerability from nvd
Published
2025-05-13 09:31
Modified
2025-05-13 13:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS.
A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG.
This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4647",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:08:16.035524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:08:24.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "web",
"vendor": "Centreon",
"versions": [
{
"lessThan": "24.10.5",
"status": "affected",
"version": "24.10.0",
"versionType": "semver"
},
{
"lessThan": "24.04.11",
"status": "affected",
"version": "24.04.0",
"versionType": "semver"
},
{
"lessThan": "23.10.22",
"status": "affected",
"version": "23.10.0",
"versionType": "semver"
},
{
"lessThan": "23.04.27",
"status": "affected",
"version": "23.04.0",
"versionType": "semver"
},
{
"lessThan": "22.10.29",
"status": "affected",
"version": "22.10.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SpawnZii working with YesWeHack"
}
],
"datePublic": "2025-03-12T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Centreon web allows Reflected XSS.\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Centreon web allows Reflected XSS.\n\nA user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG.\n\nThis issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T09:31:17.529Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55574-centreon-web-high-severity-4435"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/centreon/centreon/releases"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-4647",
"datePublished": "2025-05-13T09:31:17.529Z",
"dateReserved": "2025-05-13T09:25:32.395Z",
"dateUpdated": "2025-05-13T13:08:24.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4646 (GCVE-0-2025-4646)
Vulnerability from nvd
Published
2025-05-13 09:17
Modified
2025-10-08 10:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-863 - Incorrect Authorization
Summary
Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:08:49.597644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:09:27.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "web",
"vendor": "Centreon",
"versions": [
{
"lessThan": "24.04.10",
"status": "affected",
"version": "24.04.0",
"versionType": "semver"
},
{
"lessThan": "24.10.4",
"status": "affected",
"version": "24.10.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Floerer from YesWeHack"
}
],
"datePublic": "2025-03-10T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.\u003cp\u003eThis issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.\u003c/p\u003e"
}
],
"value": "Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T10:00:43.607Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55572-centreon-web-high-severity-4460"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/centreon/centreon/releases"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A high privilege user is able to create and use a valid admin API token in centreon-web",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-4646",
"datePublished": "2025-05-13T09:17:35.146Z",
"dateReserved": "2025-05-13T08:17:11.709Z",
"dateUpdated": "2025-10-08T10:00:43.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}