SQL Injection Vulnerability Affects Centreon Web 24.04.x
CVE-2024-33853

9.1CRITICAL

Key Information:

Vendor: Centreon
Status: Centreon Web
Vendor: CVE Published:; 23 August 2024

What is CVE-2024-33853?

A SQL Injection vulnerability has been discovered in the Timeperiod component of Centreon Web, affecting multiple versions including 24.04.x, 23.10.x, 23.04.x, and 22.10.x. This flaw could allow attackers to manipulate SQL queries, potentially leading to unauthorized access or data disclosure. Users are advised to update to the latest versions to mitigate this risk.

References

https://github.com/centreon/centreon/releases

https://thewatch.centreon.com/latest-security-bulletins-6...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 23, 2024
Vulnerability Reserved
Apr 27, 2024

CVE-2024-33853 Data

JSON