CVE-2018-11587

Опубликовано: 25 июн. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.

Ссылки

https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html
Vendor Advisory
https://github.com/centreon/centreon/pull/6263
Third Party Advisory
https://github.com/centreon/centreon/releases
Third Party Advisory
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html
Vendor Advisory
https://github.com/centreon/centreon/pull/6263
Third Party Advisory
https://github.com/centreon/centreon/releases
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:centreon:centreon:3.4.6:*:*:*:*:*:*:*

cpe:2.3:a:centreon:centreon_web:2.8.23:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01083

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-c8qc-cp8v-prpx