PT-2025-17547 · Centreon · Centreon Bam
Ludovic Tavernier
+2
·
Published
2025-04-22
·
Updated
2025-04-22
·
CVE-2025-3767
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Centreon BAM versions 23.04 through 23.04.9
Centreon BAM versions 23.10 through 23.10.9
Centreon BAM versions 24.04 through 24.04.4
Centreon BAM versions 24.10 through 24.10.0
Description
The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability affects the Boolean KPi Listing modules in Centreon BAM and is accessible only to authenticated users with high privileges.
Recommendations
For Centreon BAM versions 23.04 through 23.04.9, update to version 23.04.10.
For Centreon BAM versions 23.10 through 23.10.9, update to version 23.10.10.
For Centreon BAM versions 24.04 through 24.04.4, update to version 24.04.5.
For Centreon BAM versions 24.10 through 24.10.0, update to version 24.10.1.
Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Centreon Bam