Skip to main content

An audit has identified security vulnerabilities in Centreon Web.

Centreon is unaware of situations where these could have been exploited.

If an instance of Centreon Web is exposed on Internet, these vulnerabilities have a high likelihood of being exploited and have a severe impact if exploited which results in a high risk.

 

Type of vulnerability :

CVE-2024-32501 : SQL Injection, in updateServiceHost

CVE-2024-33852 : SQL Injection in Downtime component

CVE-2024-33853 : SQL Injection in Timeperiod component

CVE-2024-33854 : SQL Injection in Graph Template component

CVE-2024-5725 : SQL Injection in Metric Image component

CVE-2024-39841 : SQL Injection via service configuration

 

It is therefore highly recommended to apply the provided product updates as early as possible.

 

Version impacted

  • All Centreon on-premise platform versions are vulnerable.

 

Applying the fix

Fixes have been provided for all supported versions and it is recommended to update Centreon Web:

These versions include cumulative fixes from prior updates.

 

If you are running an unsupported version, it is strongly recommended that you upgrade your platform to 24.04.

Centreon Cloud platforms have already been updated.

 

Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.

Be the first to reply!

Reply