Publication date: February 17, 2025

Components: centreon-map-engine (on map server), centreon-map-web-client (on central server)

 

Description: Security fixes have been made

  • Removed commons-logging (including Log4j). CVSS 9.8
  • Upgraded Apache Tomcat version. CVSS 9.8
  • Upgraded DOMPurify. CVSS 8.3

Reference: N/A

Severity: Critical

Status: Fixes have been provided for all supported versions and it is recommended to update both Centreon Central server and Centreon Map server:

These versions include cumulative fixes from prior updates.

 


Hello :)

Thanks for the information.
May we have some details about the deps updates?

From/To dependency version? To check which CVE(s) has/have been fixed.
Thanks
Best, 
W


Hi @CERTOCD, from Apache Tomcat 10.1.30 to 10.1.34 version.

These CVE-2024-56337 and CVE-2024-50379 were present.

Regards,


Hi, 

Thanks @Laurent
As well as CVE-2024-52316 and CVE-2024-52317.

Do you know for DOMPurify as well?
Best, 


For DOMPurify:

  • bump mermaid from 9.1.3 to 10.9.3

  • bump dompurify from 2.3.6 to 2.5.4

Regards


Thanks a lot Laurent!

