Publication date: March 10th, 2025
Component: centreon-bam-server (on central server)
Feature: Boolean KPI listing
Description: SQLi in the listing of Boolean KPI, only accessible to authenticated users with high privilege access.
Reference: CVE-2025-3767 (previously CVE-2024-46924)
CVSS: 7.2 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH
Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Central server:
- centreon-bam-server 24.10.1
- centreon-bam-server 24.04.5
- centreon-bam-server 23.10.10
- centreon-bam-server 23.04.10
These versions include cumulative fixes from prior updates.
Reporter: Matthew Taylor, Ludovic Tavernier and Remi Millerand from Algosecure
Submission: August 30, 2024
Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.