SQL Injection vulnerability in Centreon Web 24.04.x
CVE-2024-32501

9.8CRITICAL

Key Information:

Vendor: Centreon
Status: Centreon Web
Vendor: CVE Published:; 23 August 2024

What is CVE-2024-32501?

A SQL Injection vulnerability has been identified in the updateServiceHost functionality of Centreon Web. This weakness allows an attacker to manipulate SQL queries by injecting malicious code through input fields, potentially leading to unauthorized access to sensitive information stored in the database. This vulnerability affects multiple versions of Centreon Web, making it crucial for users to update to secure versions to mitigate the risk of exploitation.

References

https://centreon.com

https://thewatch.centreon.com/latest-security-bulletins-6...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 23, 2024
Vulnerability Reserved
Apr 15, 2024

CVE-2024-32501 Data

JSON