Search criteria
2 vulnerabilities found for Centreon BAM by Centreon
CVE-2025-3767 (GCVE-0-2025-3767)
Vulnerability from cvelistv5 – Published: 2025-04-22 15:16 – Updated: 2025-04-22 16:09
VLAI?
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon BAM (Boolean KPi Listing modules) allows SQL Injection.
This page is only accessible to authenticated users with high privileges.
This issue affects Centreon BAM: from 24.10 before 24.10.1, from 24.04 before 24.04.5, from 23.10 before 23.10.10, from 23.04 before 23.04.10.
Severity ?
7.2 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Centreon | Centreon BAM |
Affected:
24.10 , < 24.10.1
(semver)
Affected: 24.04 , < 24.04.5 (semver) Affected: 23.10 , < 23.10.10 (semver) Affected: 23.04 , < 23.04.10 (semver) |
Credits
Matthew Taylor, Ludovic Tavernier and Remi Millerand from Algosecure
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T16:03:03.920840Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:03:14.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Boolean KPI listing"
],
"packageName": "centreon-bam",
"product": "Centreon BAM",
"vendor": "Centreon",
"versions": [
{
"lessThan": "24.10.1",
"status": "affected",
"version": "24.10",
"versionType": "semver"
},
{
"lessThan": "24.04.5",
"status": "affected",
"version": "24.04",
"versionType": "semver"
},
{
"lessThan": "23.10.10",
"status": "affected",
"version": "23.10",
"versionType": "semver"
},
{
"lessThan": "23.04.10",
"status": "affected",
"version": "23.04",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Taylor, Ludovic Tavernier and Remi Millerand from Algosecure"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Centreon BAM (Boolean KPi Listing modules) allows SQL Injection.\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis page is only accessible to authenticated users with high privileges.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Centreon BAM: from 24.10 before 24.10.1, from 24.04 before 24.04.5, from 23.10 before 23.10.10, from 23.04 before 23.04.10.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Centreon BAM (Boolean KPi Listing modules) allows SQL Injection.\n\n\nThis page is only accessible to authenticated users with high privileges.\n\nThis issue affects Centreon BAM: from 24.10 before 24.10.1, from 24.04 before 24.04.5, from 23.10 before 23.10.10, from 23.04 before 23.04.10."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:09:54.998Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-46924-cve-2025-3767-centreon-bam-high-severity-4459"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/centreon/centreon/releases"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SQL Injection in Centreon BAM boolean KPI listing",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-3767",
"datePublished": "2025-04-22T15:16:24.312Z",
"dateReserved": "2025-04-17T14:36:19.597Z",
"dateUpdated": "2025-04-22T16:09:54.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3767 (GCVE-0-2025-3767)
Vulnerability from nvd – Published: 2025-04-22 15:16 – Updated: 2025-04-22 16:09
VLAI?
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon BAM (Boolean KPi Listing modules) allows SQL Injection.
This page is only accessible to authenticated users with high privileges.
This issue affects Centreon BAM: from 24.10 before 24.10.1, from 24.04 before 24.04.5, from 23.10 before 23.10.10, from 23.04 before 23.04.10.
Severity ?
7.2 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Centreon | Centreon BAM |
Affected:
24.10 , < 24.10.1
(semver)
Affected: 24.04 , < 24.04.5 (semver) Affected: 23.10 , < 23.10.10 (semver) Affected: 23.04 , < 23.04.10 (semver) |
Credits
Matthew Taylor, Ludovic Tavernier and Remi Millerand from Algosecure
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T16:03:03.920840Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:03:14.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Boolean KPI listing"
],
"packageName": "centreon-bam",
"product": "Centreon BAM",
"vendor": "Centreon",
"versions": [
{
"lessThan": "24.10.1",
"status": "affected",
"version": "24.10",
"versionType": "semver"
},
{
"lessThan": "24.04.5",
"status": "affected",
"version": "24.04",
"versionType": "semver"
},
{
"lessThan": "23.10.10",
"status": "affected",
"version": "23.10",
"versionType": "semver"
},
{
"lessThan": "23.04.10",
"status": "affected",
"version": "23.04",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Taylor, Ludovic Tavernier and Remi Millerand from Algosecure"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Centreon BAM (Boolean KPi Listing modules) allows SQL Injection.\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis page is only accessible to authenticated users with high privileges.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Centreon BAM: from 24.10 before 24.10.1, from 24.04 before 24.04.5, from 23.10 before 23.10.10, from 23.04 before 23.04.10.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Centreon BAM (Boolean KPi Listing modules) allows SQL Injection.\n\n\nThis page is only accessible to authenticated users with high privileges.\n\nThis issue affects Centreon BAM: from 24.10 before 24.10.1, from 24.04 before 24.04.5, from 23.10 before 23.10.10, from 23.04 before 23.04.10."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:09:54.998Z",
"orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"shortName": "Centreon"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-46924-cve-2025-3767-centreon-bam-high-severity-4459"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/centreon/centreon/releases"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SQL Injection in Centreon BAM boolean KPI listing",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
"assignerShortName": "Centreon",
"cveId": "CVE-2025-3767",
"datePublished": "2025-04-22T15:16:24.312Z",
"dateReserved": "2025-04-17T14:36:19.597Z",
"dateUpdated": "2025-04-22T16:09:54.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}