SQL Injection Vulnerability Affects Centreon Web 24.04.x Releases
CVE-2024-33854

9.1CRITICAL

Key Information:

Vendor: Centreon
Status: Centreon Web
Vendor: CVE Published:; 23 August 2024

What is CVE-2024-33854?

A SQL Injection vulnerability exists in the Graph Template component of Centreon Web versions prior to specific releases. This flaw allows attackers to manipulate database queries through user inputs, potentially leading to unauthorized access to sensitive data. It’s crucial for users of affected versions to apply the necessary updates to mitigate the risk posed by this vulnerability.

References

https://github.com/centreon/centreon/releases

https://thewatch.centreon.com/latest-security-bulletins-6...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 23, 2024
Vulnerability Reserved
Apr 27, 2024

CVE-2024-33854 Data

JSON