Skip to main content

Security Bulletins

Stay informed with the latest Centreon security bulletins to safeguard your infrastructure effectively.

24 Topics
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
CVE-2024-46924/CVE-2025-3767 - Centreon BAM - High severitysecurity bulletin

Publication date: March 10th, 2025Component: centreon-bam-server (on central server)Feature: Boolean KPI listing Description: SQLi in the listing of Boolean KPI, only accessible to authenticated users with high privilege access. Reference: CVE-2025-3767 (previously CVE-2024-46924)CVSS:  7.2 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Severity: HIGH Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Central server:centreon-bam-server 24.10.1 centreon-bam-server 24.04.5 centreon-bam-server 23.10.10 centreon-bam-server 23.04.10These versions include cumulative fixes from prior updates. Reporter: Matthew Taylor, Ludovic Tavernier and Remi Millerand from AlgosecureSubmission: August 30, 2024 Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.

3101
Laurent
Centreonian
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
CVE-2023-28447 - Centreon - High severitysecurity bulletin

Publication date: March 12, 2025Update: April, 1st, 2025Components: centreon-web and all modules.Feature: All legacy pages Description: Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Upgrade to either version 3.1.48.1 Reference: CVE-2024-55573CVSS:  7.1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L Severity: HIGH Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Central, Centreon Map and Centreon MBI servers:Centreon 23.10.x Centreon 23.04.xThese versions include cumulative fixes from prior updates.Centreon 24.10.x and 24.04.x versions are not impacted, they are using 3.1.39 version. Subm

1401
Laurent
Centreonian
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
CVE-2024-55571 - Centreon Web - High severitySecurity bulletin

Publication date: March 17, 2025Component: centreon-web.Feature: User / Contact form Description: User with high privileges is able to become administrator by intercepting a request and altering the payload Reference: CVE-2024-55571CVSS:  7.2 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Severity: HIGH Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Central server:Centreon Web 24.10.4 Centreon Web 24.04.10 Centreon Web 23.10.20 Centreon Web 23.04.25These versions include cumulative fixes from prior updates. Reporter: Floerer for YesWeHackSubmission: November 25, 2024 Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.

3040
Laurent
Centreonian
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
CVE-2024-35226 - Centreon - High severitysecurity bulletin

Publication date: March 12, 2025Component: centreon-web and all modules.Feature: All legacy pages Description: smarty/smarty is vulnerable to code injection. The vulnerability is due to insufficient validation of file names used in the `extends-tag`. This allows attackers to inject PHP code by choosing a malicious file name for an `extends-tag`. Reference: CVE-2024-35226CVSS:  7.3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N Severity: HIGH Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Central, Centreon Map and Centreon MBI servers:Centreon 24.10.x Centreon 24.04.x Centreon 23.10.x Centreon 23.04.xThese versions include cumulative fixes from prior updates. Reporter: N/ASubmission: November 28, 2024 Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.

1500
Laurent
Centreonian
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
CVE-2024-55574 - Centreon Web - High severitysecurity bulletin

Publication date: March 12, 2025Component: centreon-web (on central server).Feature: Media upload Description: A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG. Reference: CVE-2024-55574CVSS:  8.4 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H Severity: HIGH Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Central server:Centreon Web 24.10.5 Centreon Web 24.04.11 Centreon Web 23.10.22 Centreon Web 23.04.27These versions include cumulative fixes from prior updates. Reporter: SpawnZii working with YesWeHackSubmission: November 27, 2024 Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.

740
Laurent
Centreonian
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
CVE-2024-55575 - Centreon Web - High severitysecurity bulletin

Publication date: March 12, 2025Component: centreon-web (on central server).Feature: Media upload Description: A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request. Reference: CVE-2024-55575CVSS:  8.4 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H Severity: HIGH Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Central server:Centreon Web 24.10.5 Centreon Web 24.04.11 Centreon Web 23.10.22 Centreon Web 23.04.27These versions include cumulative fixes from prior updates. Reporter: SpawnZii working with YesWeHackSubmission: November 27, 2024 Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.

640
Laurent
Centreonian
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
CVE-2024-55572 - Centreon Web - HIGH severitysecurity bulletin

  Publication date: March 10th, 2025Component: centreon-web (on central server).Feature: API Token Description: On the API token page a user with high privilege is able to create an API token for an admin owner and copy this token's value. Reference: CVE-2024-55572CVSS:  7.2 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Severity: HIGH Status: Fixes have been provided for all supported versions having this feature and it is recommended to update Centreon Central server:Centreon Web 24.10.4 Centreon Web 24.04.10These versions include cumulative fixes from prior updates. Reporter: Floerer from YesWeHackSubmission: November 25, 2024 Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.

1110
Laurent
Centreonian
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
Centreon Map - Critical severitysecurity bulletin

Publication date: February 17, 2025Components: centreon-map-engine (on map server), centreon-map-web-client (on central server) Description: Security fixes have been madeRemoved commons-logging (including Log4j). CVSS 9.8 Upgraded Apache Tomcat version. CVSS 9.8 Upgraded DOM purify. CVSS 8.3  Reference: N/ASeverity: Critical Status: Fixes have been provided for all supported versions and it is recommended to update both Centreon Central server and Centreon Map server:Centreon Map 24.10.3 Centreon Map 24.04.9 Centreon Map Legacy 24.04.9 Centreon Map 23.10.17 Centreon Map Legacy 23.10.17 Centreon Map 23.04.22 Centreon Map Legacy 23.04.22These versions include cumulative fixes from prior updates. Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.

1785
C
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
Centreon Web - medium severitySecurity bulletin

Publication date: February 10, 2025Component: centreon-web (on central server).Feature: Event Logs page Description: ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs. Reference: To Be DefinedCVSS:  4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NSeverity: Medium Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Central server:Centreon Web 24.10.4 Centreon Web 24.04.10 Centreon Web 23.10.21 Centreon Web 23.04.26These versions include cumulative fixes from prior updates. Reporter: Benoit PouletSubmission: February 3rd, 2025Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.

1290
Laurent
Centreonian
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
CVE-2024-55573 - Centreon Web - Critical severitysecurity bulletin

Publication date: January 3rd, 2025Component: centreon-web (on central server).Feature: Virtual metrics settings Description: SQLi in the form used to create virtual metrics in centreon-web, only accessible to authenticated users with high privilege access and rights to create a virtual metric. Reference: CVE-2024-55573CVSS:  9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Severity: CRITICAL Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Central server:Centreon Web 24.10.3 Centreon Web 24.04.9 Centreon Web 23.10.19 Centreon Web 23.04.24These versions include cumulative fixes from prior updates. Reporter: SpawnZii for YesWeHackSubmission: November 25, 2024 Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.

8131
dagabard
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
CVE-2024-53923 - Centreon Web - Critical severitysecurity bulletin

Publication date: January 3rd, 2025Component: centreon-web (on central server).Feature: Upload of medias Description: SQLi in the form to upload media in centreon-web, only accessible to authenticated users with high privilege access (access to administration pages). Reference: CVE-2024-53923CVSS:  9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Severity: CRITICAL Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Central server:Centreon Web 24.10.3 Centreon Web 24.04.9 Centreon Web 23.10.19 Centreon Web 23.04.24These versions include cumulative fixes from prior updates. Reporter: SpawnZii for YesWeHackSubmission: November 21, 2024 Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.

3830
Laurent
Centreonian
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
CVE-2024-45757 - Centreon BAM - High severitysecurity bulletin

Publication date: December 3rd, 2024Component: centreon-bam-server (on central server).Feature: Manage user settings Description: SQLi in the user settings form, only accessible to authenticated users with high privilege access. Reference: CVE-2024-45757CVSS:  7.2 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Severity: HIGH Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Central server:Centreon BAM 24.10.0 Centreon BAM 24.04.4 Centreon BAM 23.10.9 Centreon BAM 23.04.9These versions include cumulative fixes from prior updates. Reporter: Matthew Taylor, Ludovic Tavernier and Rémi Millerand from AlgosecureSubmission: Aug 30, 2024 Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date. 

4210
Laurent
Centreonian
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
CVE-2024-45755 - Centreon DSM - High severitysecurity bulletin

Publication date: November 22, 2024Component: centreon-dsm-server (on central server).Feature: Manage DSM slots Description: SQLi in the form to configure Centreon DSM slots, only accessible to authenticated users with high privilege access. Reference: CVE-2024-45755CVSS:  7.2 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Severity: HIGH Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Central server:Centreon DSM 24.10.0 Centreon DSM 24.04.3 Centreon DSM 23.10.1 Centreon DSM 23.04.3 Centreon DSM 22.10.2These versions include cumulative fixes from prior updates. Reporter: Matthew Taylor, Ludovic Tavernier and Rémi Millerand from AlgosecureSubmission: Aug 30, 2024 Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.

6560
Laurent
Centreonian
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
CVE-2024-45756 - Centreon Open Tickets - High severitysecurity bulletin

Publication date: November 22, 2024Component: centreon-open-tickets (on central server).Feature: Open Tickets into ITSM tool from Centreon Description: SQLi in the form to create a ticket, only accessible to authenticated users with high privilege access. Reference: CVE-2024-45756CVSS:  7.2 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Severity: HIGH Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Central server:Centreon Open Tickets 24.10.0 Centreon Open Tickets 24.04.2 Centreon Open Tickets 23.10.1 Centreon Open Tickets 23.04.4 Centreon Open Tickets 22.10.4These versions include cumulative fixes from prior updates.👉 Important note: to ensure you do not lose any customization that might have been done to your OpenTicket provider, please make sure to:Take a backup of these folders: /usr/share/centreon/www/modules/centreon-open-tickets and /usr/share/centreon/www/widgets/open-tickets Apply the patch Copy the backed up register.php f

4720
Laurent
Centreonian
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
CVE-2024-47863 - Centreon WEB - Medium severitySecurity bulletin

Publication date: November 22, 2024Component: centreon-web (on central server).Feature: Monitoring configuration logs Description: A stored XSS was found in the user configuration contact name field.Details : A script can be stored in the contact name field to be reflected in the adminstration logs. These two pages are only accessible to authenticated users with high privilege access. Reference: CVE-2024-47863CVSS:  6.2 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N Severity: MEDIUM Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Central server:Centreon Web 24.10.0 Centreon Web 24.04.8 Centreon Web 23.10.18 Centreon Web 23.04.23 Centreon Web 22.10.26These versions include cumulative fixes from prior updates. Reporter: Mounir Aarab from NTT BelgiumSubmission: Sep 14, 2024 Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring

6520
Laurent
Centreonian
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
CVE-2024-45754 - Centreon MBI - High severitySecurity Bulletin

Publication date: October 10, 2024Component: centreon-bi-server (on central server).Feature: Reporting jobs configuration. Description: A SQL injection vulnerability in the listing of configured reporting jobs.Details : SQLi in configuration pages, only accessible to authenticated users with high privilege access. Reference: CVE-2024-45754CVSS:  7.2 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Severity: HIGH Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Central server:Centreon BI Server 24.04.3 Centreon BI Server 23.10.8 Centreon BI Server 23.04.11 Centreon BI Server 22.10.11These versions include cumulative fixes from prior updates. Reporter: Matthew Taylor, Ludovic Tavernier and Rémi Millerand from AlgosecureSubmission: Jul 31, 2024 Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secur

7210
Laurent
Centreonian
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
Security bulletin for Centreon Websecurity bulletin

Security fixed in Centreon Web Submission: June 26, 2024Publication date: October 1, 2024Severity: MEDIUM Component: centreon-webFixes have been provided for all supported versions and it is recommended to update Centreon Web:Centreon Web 24.04.7 Centreon Web 23.10.17 Centreon Web 23.04.22 Centreon Web 22.10.24These versions include cumulative fixes from prior updates. CVE-2022-31160Reporter: Orange BVPNImpact:  (CVSS + Path)  6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Description: Vulnerabilities where present into previous jQuery UI dependency (prior to 1.13.2).Reference: CVE-2022-31160 Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date. 

4430
Laurent
Centreonian
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
Security bulletin for Centreon Websecurity bulletin

Security fixed in Centreon Web Submission: June 21, 2024Publication date: September 17, 2024Severity: HIGH Feature: Edition of contacts / usersComponent: centreon-webFixes have been provided for all supported versions and it is recommended to update Centreon Web:Centreon Web 24.04.6 Centreon Web 23.10.16 Centreon Web 23.04.21 Centreon Web 22.10.24These versions include cumulative fixes from prior updates. CVE-2024-39842 - SQLi in contacts form, only accessible to authenticated users with high privilege access.Reporter: Trend MicroImpact:  (CVSS + Path)  7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Description: A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via user massive changes inputs.Reference: CVE-2024-39842 CVE-2024-39843 - SQLi in contacts form, only accessible to authenticated users with high privilege access.Reporter: Trend MicroImpact:  (CVSS + Path)  7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/

8250
Laurent
Centreonian
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
Security bulletin for Centreon Websecurity bulletin

An audit has identified security vulnerabilities in Centreon Web.Centreon is unaware of situations where these could have been exploited.If an instance of Centreon Web is exposed on Internet, these vulnerabilities have a high likelihood of being exploited and have a severe impact if exploited which results in a high risk. Type of vulnerability :CVE-2024-32501 : SQL Injection, in updateServiceHostCVE-2024-33852 : SQL Injection in Downtime componentCVE-2024-33853 : SQL Injection in Timeperiod componentCVE-2024-33854 : SQL Injection in Graph Template componentCVE-2024-5725 : SQL Injection in Metric Image componentCVE-2024-39841 : SQL Injection via service configuration It is therefore highly recommended to apply the provided product updates as early as possible. Version impactedAll Centreon on-premise platform versions are vulnerable. Applying the fixFixes have been provided for all supported versions and it is recommended to update Centreon Web: Centreon Web 24.04.3 Centreon Web 23.10.

21290
Laurent
Centreonian
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
Security bulletin for Centreon Websecurity bulletin

An audit has identified security vulnerabilities in Centreon Web.Centreon is unaware of situations where these could have been exploited.If an instance of Centreon Web is exposed on Internet, these vulnerabilities have a high likelihood of being exploited and have a severe impact if exploited which results in a high risk. CVE registration: CVE-2024-0637, CVE-2024-23115, CVE-2024-23116, CVE-2024-23117, CVE-2024-23118, CVE-2024-23119 It is therefore highly recommended to apply the provided product updates as early as possible. Who is impacted?All Centreon on-premise platform versions are vulnerable. Centreon Cloud platforms have already been updated. Applying the fixFixes have been provided for all supported versions and it is recommended to update Centreon Web: Centreon Web 23.10.5 Centreon Web 23.04.13 Centreon Web 22.10.17 Centreon Web 22.04.19 These versions include cumulative fixes from prior updates. If you are running an unsupported version, it is strongly recommended that y

1030
Laurent
Centreonian
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
Security bulletin for Centreon Websecurity bulletin

An audit has identified security vulnerabilities in Centreon Web.Centreon is unaware of situations where these could have been exploited.If an instance of Centreon Web is exposed on Internet, these vulnerabilities have a high likelihood of being exploited and have a severe impact if exploited which results in a high risk. It is therefore highly recommended to apply the provided product updates as early as possible. Who is impacted?All Centreon on-premise platform versions are vulnerable. Centreon Cloud platforms have already been updated. Applying the fixFixes have been provided for all supported versions and it is recommended to update Centreon Web: Centreon Web 23.04.4 Centreon Web 22.10.9 Centreon Web 22.04.14 Centreon Web 21.10.15 These versions include cumulative fixes from prior updates. If you are running an unsupported version, it is strongly recommended that you upgrade your platform to 23.04.

370
Laurent
Centreonian
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
CVE-2022-37454 impact on Centreon productssecurity bulletin

SummaryAn exploit for a critical vulnerability (CVE-2022-37454) impacting PHP and other middleware was publicly released on October 20, 2022.A detailed description of the vulnerability can be found on Red Hat Customer Portal.The Centreon Security Group has conducted an initial assessment across the codebase to determine the impact of this vulnerability.   ImpactsNot specified by publisher Data Privacy Breach Affected systemsPHP 8.0.x versions prior to 8.0.25 PHP 8.1.x versions prior to 8.1.12 State of investigationRed Hat is currently under investigation on potential effects.Centreon doesn’t use SHA-3 mechanism, so no Centreon Editions is impacted.However, PHP versions 8.0.25 and 8.1.12 are already available with fixes to this vulnerability, so PHP can be updated on your Centreon platforms using following commands:For all supported Centreon versions (21.10 to 22.10) on Enterprise Linux 7 et 8:yum update php\*systemctl restart php-fpmFor Centreon 22.04 on Debian 11:apt updateapt upgrade

900
Laurent
Centreonian
N
Centreonian
NilsCentreonian
published in Latest Security Bulletins
[UPDATED] Text4Shell impact on Centreon Productssecurity bulletin

SummaryA zero-day exploit for a vulnerability code-named Text4Shell (CVE-2022-42889) was publicly released on October 12th 2022. The Centreon Security Group has conducted an initial assessment across the codebase to determine the impact of this vulnerability.  The vulnerability is embedded in a java component named Apache-commons-text, in versions from 1.5 to 1.10. It can only be exploited in a very specific context. ImpactCentreon components that could have been affected are the ones that uses Java code: Centreon MAP server Centreon MBI AS400 plugin No other component (including opensource) is affected.No Centreon Cloud service is affected. State of investigationMAP, MBI and AS400 plugin do not use this dependency in any version.If this library is present on your Centreon environment you need to check which software uses it. MAP, MBI and AS400 plugin are not affected by Text4Shell. ---- UPDATE 11/08/2022 17.00 ---- The library commons-text-1.9.jar is actually retrieved indirectly

700
N
Centreonian
rchauvel
Centreonian
rchauvelCentreonian
published in Latest Security Bulletins
Security bulletin for Centreon MBI and Centreon Websecurity bulletin

An internal audit has identified security vulnerabilities in Centreon MBI and Centreon Web.Centreon is unaware of situations where these could have been exploited.These vulnerabilities have a low likelihood of being exploited but have a severe impact if exploited which results in a high risk.It is therefore highly recommended to apply the provided product updates as early as possible. Who is impacted?Your Centreon platform is vulnerable if Centreon MBI has been installed.Centreon Cloud platforms are not impacted. Applying the fixFixes have been provided for all supported versions and it is recommended to update both Centreon Web and Centreon MBI: Centreon Web 22.04.7 and Centreon MBI 22.04.2 Centreon Web 21.10.13 and Centreon MBI 21.10.2 Centreon Web 21.04.20 and Centreon MBI 21.04.5 These versions include cumulative fixes from prior updates. If you are running an unsupported version, it is strongly recommended that you upgrade your platform to 22.04.

400
rchauvel
Centreonian

Badge winners

  • First Topic Created
    Kolohas earned the badge First Topic Created
  • First Reply
    Juanito_Alimañahas earned the badge First Reply
  • First Topic Created
    fgoebelhas earned the badge First Topic Created
  • First Reply
    FRANCOIS P.has earned the badge First Reply
  • First Reply
    eric-Phas earned the badge First Reply
Show all badges
Terms & ConditionsCookie settings