An audit has identified security vulnerabilities in Centreon Web.
Centreon is unaware of situations where these could have been exploited.
If an instance of Centreon Web is exposed to the Internet, these vulnerabilities have a high likelihood of being exploited and a severe impact if exploited, which results in a high risk.
Type of vulnerability:
- CVE-2024-32501: SQL Injection in updateServiceHost
- CVE-2024-33852: SQL Injection in Downtime component
- CVE-2024-33853: SQL Injection in Timeperiod component
- CVE-2024-33854: SQL Injection in Graph Template component
- CVE-2024-5725: SQL Injection in Metric Image component
- CVE-2024-39841: SQL Injection via service configuration
It is therefore highly recommended to apply the provided product updates as early as possible.
Version impacted
- All Centreon on-premise platform versions are vulnerable.
Applying the fix
Fixes have been provided for all supported versions and it is recommended to update Centreon Web:
These versions include cumulative fixes from prior updates.
If you are running an unsupported version, it is strongly recommended that you upgrade your platform to 24.04.
Centreon Cloud platforms have already been updated.