SQL Injection Vulnerability Affects Centreon Web 24.04.x and Earlier Versions
CVE-2024-33852

9.1CRITICAL

Key Information:

Vendor: Centreon
Status: Centreon Web
Vendor: CVE Published:; 23 August 2024

What is CVE-2024-33852?

A SQL Injection vulnerability exists in the Downtime component of Centreon Web, exposing affected versions to potential unauthorized data access. This vulnerability allows an attacker to execute arbitrary SQL queries, jeopardizing the security of the underlying database. Users are advised to update to the latest versions to mitigate this risk. For further details and updates, visit the official Centreon release notes and security bulletins.

References

https://github.com/centreon/centreon/releases

https://thewatch.centreon.com/latest-security-bulletins-6...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 23, 2024
Vulnerability Reserved
Apr 27, 2024

CVE-2024-33852 Data

JSON