Skip to main content

Security Bulletins

Stay informed with the latest Centreon security bulletins to safeguard your infrastructure effectively.

7 Topics
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
Security bulletin for Centreon Websecurity bulletin

Security fixed in Centreon Web Submission: June 21, 2024Publication date: September 17, 2024Severity: HIGH Feature: Edition of contacts / usersComponent: centreon-webFixes have been provided for all supported versions and it is recommended to update Centreon Web:Centreon Web 24.04.6 Centreon Web 23.10.16 Centreon Web 23.04.21 Centreon Web 22.10.24These versions include cumulative fixes from prior updates. SQLis in contacts form, only accessible to authenticated users with high privilege access. (CVE-2024-39842, CVE-2024-39843)Reporter: Trend MicroImpact:  (CVSS + Path)  7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Description: SQL injection vulnerabilities have been fixed in contacts form. These vulnerabilities were exploitable by authenticated users with high privilege access.Reference: CVE-2024-39842, CVE-2024-39843

470
Laurent
Centreonian
20 hours ago
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
Security bulletin for Centreon Websecurity bulletin

An audit has identified security vulnerabilities in Centreon Web.Centreon is unaware of situations where these could have been exploited.If an instance of Centreon Web is exposed on Internet, these vulnerabilities have a high likelihood of being exploited and have a severe impact if exploited which results in a high risk. Type of vulnerability :CVE-2024-32501 : SQL Injection, in updateServiceHostCVE-2024-33852 : SQL Injection in Downtime componentCVE-2024-33853 : SQL Injection in Timeperiod componentCVE-2024-33854 : SQL Injection in Graph Template componentCVE-2024-5725 : SQL Injection in Metric Image componentCVE-2024-39841 : SQL Injection via service configuration It is therefore highly recommended to apply the provided product updates as early as possible. Version impactedAll Centreon on-premise platform versions are vulnerable. Applying the fixFixes have been provided for all supported versions and it is recommended to update Centreon Web: Centreon Web 24.04.3 Centreon Web 23.10.

16890
Laurent
Centreonian
26 days ago
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
Security bulletin for Centreon Websecurity bulletin

An audit has identified security vulnerabilities in Centreon Web.Centreon is unaware of situations where these could have been exploited.If an instance of Centreon Web is exposed on Internet, these vulnerabilities have a high likelihood of being exploited and have a severe impact if exploited which results in a high risk. CVE registration: CVE-2024-0637, CVE-2024-23115, CVE-2024-23116, CVE-2024-23117, CVE-2024-23118, CVE-2024-23119 It is therefore highly recommended to apply the provided product updates as early as possible. Who is impacted?All Centreon on-premise platform versions are vulnerable. Centreon Cloud platforms have already been updated. Applying the fixFixes have been provided for all supported versions and it is recommended to update Centreon Web: Centreon Web 23.10.5 Centreon Web 23.04.13 Centreon Web 22.10.17 Centreon Web 22.04.19 These versions include cumulative fixes from prior updates. If you are running an unsupported version, it is strongly recommended that y

540
Laurent
Centreonian
26 days ago
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
Security bulletin for Centreon Websecurity bulletin

An audit has identified security vulnerabilities in Centreon Web.Centreon is unaware of situations where these could have been exploited.If an instance of Centreon Web is exposed on Internet, these vulnerabilities have a high likelihood of being exploited and have a severe impact if exploited which results in a high risk. It is therefore highly recommended to apply the provided product updates as early as possible. Who is impacted?All Centreon on-premise platform versions are vulnerable. Centreon Cloud platforms have already been updated. Applying the fixFixes have been provided for all supported versions and it is recommended to update Centreon Web: Centreon Web 23.04.4 Centreon Web 22.10.9 Centreon Web 22.04.14 Centreon Web 21.10.15 These versions include cumulative fixes from prior updates. If you are running an unsupported version, it is strongly recommended that you upgrade your platform to 23.04.

190
Laurent
Centreonian
26 days ago
Laurent
Centreonian
LaurentCentreonian
published in Latest Security Bulletins
CVE-2022-37454 impact on Centreon productssecurity bulletin

SummaryAn exploit for a critical vulnerability (CVE-2022-37454) impacting PHP and other middleware was publicly released on October 20, 2022.A detailed description of the vulnerability can be found on Red Hat Customer Portal.The Centreon Security Group has conducted an initial assessment across the codebase to determine the impact of this vulnerability.   ImpactsNot specified by publisher Data Privacy Breach Affected systemsPHP 8.0.x versions prior to 8.0.25 PHP 8.1.x versions prior to 8.1.12 State of investigationRed Hat is currently under investigation on potential effects.Centreon doesn’t use SHA-3 mechanism, so no Centreon Editions is impacted.However, PHP versions 8.0.25 and 8.1.12 are already available with fixes to this vulnerability, so PHP can be updated on your Centreon platforms using following commands:For all supported Centreon versions (21.10 to 22.10) on Enterprise Linux 7 et 8:yum update php\*systemctl restart php-fpmFor Centreon 22.04 on Debian 11:apt updateapt upgrade

330
Laurent
Centreonian
26 days ago
N
Centreonian
NilsCentreonian
published in Latest Security Bulletins
[UPDATED] Text4Shell impact on Centreon Productssecurity bulletin

SummaryA zero-day exploit for a vulnerability code-named Text4Shell (CVE-2022-42889) was publicly released on October 12th 2022. The Centreon Security Group has conducted an initial assessment across the codebase to determine the impact of this vulnerability.  The vulnerability is embedded in a java component named Apache-commons-text, in versions from 1.5 to 1.10. It can only be exploited in a very specific context. ImpactCentreon components that could have been affected are the ones that uses Java code: Centreon MAP server Centreon MBI AS400 plugin No other component (including opensource) is affected.No Centreon Cloud service is affected. State of investigationMAP, MBI and AS400 plugin do not use this dependency in any version.If this library is present on your Centreon environment you need to check which software uses it. MAP, MBI and AS400 plugin are not affected by Text4Shell. ---- UPDATE 11/08/2022 17.00 ---- The library commons-text-1.9.jar is actually retrieved indirectly

150
N
Centreonian
26 days ago
rchauvel
Centreonian
rchauvelCentreonian
published in Latest Security Bulletins
Security bulletin for Centreon MBI and Centreon Websecurity bulletin

An internal audit has identified security vulnerabilities in Centreon MBI and Centreon Web.Centreon is unaware of situations where these could have been exploited.These vulnerabilities have a low likelihood of being exploited but have a severe impact if exploited which results in a high risk.It is therefore highly recommended to apply the provided product updates as early as possible. Who is impacted?Your Centreon platform is vulnerable if Centreon MBI has been installed.Centreon Cloud platforms are not impacted. Applying the fixFixes have been provided for all supported versions and it is recommended to update both Centreon Web and Centreon MBI: Centreon Web 22.04.7 and Centreon MBI 22.04.2 Centreon Web 21.10.13 and Centreon MBI 21.10.2 Centreon Web 21.04.20 and Centreon MBI 21.04.5 These versions include cumulative fixes from prior updates. If you are running an unsupported version, it is strongly recommended that you upgrade your platform to 22.04.

280
rchauvel
Centreonian
26 days ago

Badge winners

  • Five Replies
    Black07cd26has earned the badge Five Replies
  • First Reply
    fringhas earned the badge First Reply
  • First Topic Created
    fringhas earned the badge First Topic Created
  • Social Expert
    jbosshas earned the badge Social Expert
  • Five Topics Created
    jbosshas earned the badge Five Topics Created
Show all badges
Terms & ConditionsCookie settings