PT-2025-20883 · Undefined · Undefined
Published: 2025-05-13 · Updated: 2025-05-13 · CVE-2024-55574
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
2025-05-13 19:01:23.477089 (UTC +09:00)
- CVE-2025-41645
[CERTVDE] SMA: Sunny Portal demo system privilege escalation
An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake.
Assigner: CERTVDE
Published: 2025-05-13T08:47:33.564Z
Updated: 2025-05-13T08:47:33.564Z
Score: 8.6 (HIGH) [cvssV3 1]
CWE: CWE-669 Incorrect Resource Transfer Between Spheres
Affected.
(1) SMA: www.sunnyportal.com All < 20.02.2025
References.
(1) https://cert.vde.com/en/advisories/VDE-2025-010
Interesting.
Remote Attack
- CVE-2025-22248
[vmware] [pgpool] Unauthenticated access to postgres through pgpool
The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, come with a 'repmgr' user that ...
Assigner: vmware
Published: 2025-05-13T09:13:30.613Z
Updated: 2025-05-13T09:13:30.613Z
Score: 9.4 (CRITICAL) [cvssV4 0]
CWE: Unknown
Affected.
(1) VMware: Bitnami All < 4.6.0-debian-12-r8
(2) VMware: Bitnami All < 16.0.0
Interesting.
Docker, Kubernetes
- CVE-2025-4647
[Centreon] A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflec...
Assigner: Centreon
Published: 2025-05-13T09:31:17.529Z
Updated: 2025-05-13T09:31:17.529Z
Score: 8.4 (HIGH) [cvssV3 1]
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected.
(1) Centreon: web 24.10.0 < 24.10.5, 24.04.0 < 24.04.11, 23.10.0 < 23.10.22, 23.04.0 < 23.04.27, 22.10.0 < 22.10.29
References.
(1) https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55574-centreon-web-high-severity-4435
(2) https://github.com/centreon/centreon/releases
Interesting.
Improper Neutralization
- CVE-2025-4646
[Centreon] A high privilege user is able to create and use a valid admin API token in centreon-web
Improper Privilege Management vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation. This issue af...
Assigner: Centreon
Published: 2025-05-13T09:17:35.146Z
Updated: 2025-05-13T09:19:49.835Z
Score: 7.2 (HIGH) [cvssV3 1]
CWE: CWE-269 Improper Privilege Management
Affected.
(1) Centreon: web 24.04.0 < 24.04.10, 24.10.0 < 24.10.4
References.
(1) https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55572-centreon-web-high-severity-4460
(2) https://github.com/centreon/centreon/releases
Interesting.
Privilege Escalation