SQL Injection Vulnerability in Centreon BI Server by Centreon
CVE-2024-45754

7.2HIGH

Key Information:

Vendor: Centreon
Status: Centreon BI Server
Vendor: CVE Published:; 11 October 2024

What is CVE-2024-45754?

A SQL injection vulnerability has been identified in the centreon-bi-server component of Centreon BI Server. This issue allows authenticated users with elevated privileges to exploit weaknesses in the reporting jobs configuration. Affected versions include several releases prior to their specified updates, which may lead to unauthorized access to sensitive data within reporting frameworks. Organizations utilizing these versions are strongly advised to update to the latest releases as outlined in the vendor's security bulletins.

References

https://github.com/centreon/centreon/releases

https://www.algosecure.fr/actualites/blog

https://thewatch.centreon.com/latest-security-bulletins-6...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2024
Vulnerability Reserved
Sep 6, 2024

CVE-2024-45754 Data

JSON