{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/awie/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Anomaly Detection","Auto Discovery","AWIE","BAM","DSM","License Manager","MAP","MBI","Open Tickets"],"_cs_severities":["high"],"_cs_tags":["centreon","vulnerability","rce","sqli","xss"],"_cs_type":"threat","_cs_vendors":["Centreon"],"content_html":"\u003cp\u003eMultiple vulnerabilities have been discovered in Centreon products, potentially allowing attackers to perform malicious actions. These vulnerabilities, disclosed in the April 2026 monthly security bulletin, include remote code execution (RCE), SQL injection (SQLi), and cross-site scripting (XSS). Exploitation of these flaws could lead to complete system compromise. The affected products include various modules such as Anomaly Detection, Auto Discovery, AWIE, BAM, DSM, License Manager, MAP, MBI, and Open Tickets. Successful exploitation of these vulnerabilities allows an attacker to execute arbitrary code remotely, inject malicious SQL queries, and inject malicious scripts into web pages viewed by other users.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable Centreon product exposed to the internet.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting a specific vulnerable endpoint in one of the affected Centreon modules (e.g., Anomaly Detection, Auto Discovery).\u003c/li\u003e\n\u003cli\u003eIf exploiting the SQL injection vulnerability, the attacker injects malicious SQL code into a parameter within the HTTP request.\u003c/li\u003e\n\u003cli\u003eThe Centreon application processes the malicious SQL code, allowing the attacker to read, modify, or delete data from the database.\u003c/li\u003e\n\u003cli\u003eIf exploiting the XSS vulnerability, the attacker injects malicious JavaScript code into a field that is displayed to other users.\u003c/li\u003e\n\u003cli\u003eWhen another user views the page containing the injected JavaScript, the code executes in their browser, potentially stealing credentials or performing other malicious actions.\u003c/li\u003e\n\u003cli\u003eIf exploiting the RCE vulnerability, the attacker injects code that allows arbitrary command execution.\u003c/li\u003e\n\u003cli\u003eThe attacker executes commands to gain a reverse shell, install malware, or further compromise the system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities can have severe consequences. An attacker could gain complete control of the Centreon system, leading to data breaches, service disruption, and further compromise of the network. Given Centreon\u0026rsquo;s role in infrastructure monitoring, a successful attack could blind organizations to critical issues and allow attackers to move laterally within the network undetected.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patches provided in the Centreon security bulletin immediately to all affected products (Anomaly Detection, Auto Discovery, AWIE, BAM, DSM, License Manager, MAP, MBI, Open Tickets).\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity, such as unusual HTTP requests targeting Centreon modules (see references URL).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided in this brief to your SIEM and tune for your environment.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T14:14:28Z","date_published":"2026-05-12T14:14:28Z","id":"https://feed.craftedsignal.io/briefs/2026-05-centreon-vulns/","summary":"Multiple vulnerabilities in Centreon products allow for remote code execution, SQL injection, and cross-site scripting.","title":"Multiple Vulnerabilities in Centreon Products","url":"https://feed.craftedsignal.io/briefs/2026-05-centreon-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — AWIE","version":"https://jsonfeed.org/version/1.1"}