{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-45755", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-26T15:15:00.564Z", "dateReserved": "2024-09-06T00:00:00", "datePublished": "2024-11-25T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-11-25T17:03:17.237708"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Centreon centreon-dsm-server 24.10.x before 24.10.0, 24.04.x before 24.04.3, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can occur in the form to configure Centreon DSM slots. Exploitation is only accessible to authenticated users with high-privileged access."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/centreon/centreon/releases"}, {"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-45755-centreon-dsm-high-severity-4066"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "affected": [{"vendor": "centreon", "product": "centreon", "cpes": ["cpe:2.3:a:centreon:centreon:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "24.04.0", "status": "affected", "lessThan": "24.04.2", "versionType": "custom"}, {"version": "23.10.0", "status": "affected", "lessThan": "23.10.1", "versionType": "custom"}, {"version": "23.04.0", "status": "affected", "lessThan": "23.04.3", "versionType": "custom"}, {"version": "22.10.0", "status": "affected", "lessThan": "22.10.2", "versionType": "custom"}, {"version": "24.10", "status": "affected", "lessThan": "24.10.0", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-26T15:14:54.416034Z", "id": "CVE-2024-45755", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-26T15:15:00.564Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-45755", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-26T15:14:54.416034Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:centreon:centreon:-:*:*:*:*:*:*:*"], "vendor": "centreon", "product": "centreon", "versions": [{"status": "affected", "version": "24.04.0", "lessThan": "24.04.2", "versionType": "custom"}, {"status": "affected", "version": "23.10.0", "lessThan": "23.10.1", "versionType": "custom"}, {"status": "affected", "version": "23.04.0", "lessThan": "23.04.3", "versionType": "custom"}, {"status": "affected", "version": "22.10.0", "lessThan": "22.10.2", "versionType": "custom"}, {"status": "affected", "version": "24.10", "lessThan": "24.10.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-26T15:14:42.788Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/centreon/centreon/releases"}, {"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-45755-centreon-dsm-high-severity-4066"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Centreon centreon-dsm-server 24.10.x before 24.10.0, 24.04.x before 24.04.3, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can occur in the form to configure Centreon DSM slots. Exploitation is only accessible to authenticated users with high-privileged access."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-11-25T17:03:17.237708"}}}, "cveMetadata": {"cveId": "CVE-2024-45755", "state": "PUBLISHED", "dateUpdated": "2024-11-26T15:15:00.564Z", "dateReserved": "2024-09-06T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-11-25T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Centreon centreon-dsm-server 24.10.x before 24.10.0, 24.04.x before 24.04.3, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can occur in the form to configure Centreon DSM slots. Exploitation is only accessible to authenticated users with high-privileged access."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Centreon centreon-dsm-server 24.10.x anterior a 24.10.0, 24.04.x anterior a 24.04.3, 23.10.x anterior a 23.10.1, 23.04.x anterior a 23.04.3 y 22.10.x anterior a 22.10.2. La inyecci\u00f3n de SQL puede ocurrir en el formulario para configurar las ranuras de Centreon DSM. La explotaci\u00f3n solo es accesible para usuarios autenticados con acceso con privilegios elevados."}], "id": "CVE-2024-45755", "lastModified": "2024-11-26T16:15:15.597", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-11-25T17:15:12.293", "references": [{"source": "cve@mitre.org", "url": "https://github.com/centreon/centreon/releases"}, {"source": "cve@mitre.org", "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-45755-centreon-dsm-high-severity-4066"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}