
CVE-2024-45757: n/a in n/a

Severity: High
Published: Tue Dec 03 2024 (12/03/2024, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, and 22.10. SQL injection can occur in the user-settings form. Exploitation is only accessible to authenticated users with high-privileged access.

AI-Powered Analysis

AI analysis last updated: 07/03/2025, 07:25:50 UTC

Technical Analysis

CVE-2024-45757 is a high-severity SQL injection vulnerability identified in Centreon BAM (Business Activity Monitoring) versions 22.10, 23.04, 23.10, and 24.04. Centreon BAM is a monitoring solution used to visualize and analyze IT infrastructure and business processes. The vulnerability exists in the user-settings form, where insufficient input sanitization allows an authenticated user with high privileges to inject malicious SQL commands. This flaw stems from improper handling of user-supplied data in SQL queries, classified under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). Exploiting this vulnerability could enable attackers to manipulate backend databases, leading to unauthorized data disclosure, modification, or deletion, and potentially full system compromise. The CVSS 3.1 base score of 7.2 reflects a high impact on confidentiality, integrity, and availability, with network attack vector, low attack complexity, and no user interaction required beyond authentication. Although exploitation requires high-privileged authenticated access, the vulnerability is critical because it can be leveraged to escalate privileges or pivot within the network. No public exploits have been reported yet, and no patches are currently linked, indicating the need for immediate attention by affected organizations.

Potential Impact

For European organizations using Centreon BAM, this vulnerability poses significant risks. Centreon is widely adopted in Europe, especially among enterprises and public sector entities for IT infrastructure monitoring. Successful exploitation could lead to unauthorized access to sensitive monitoring data, manipulation of business activity metrics, and disruption of operational visibility. This can impair incident response and risk management capabilities. Moreover, attackers could leverage the SQL injection to extract credentials or inject malicious payloads, facilitating lateral movement and further compromise. Given the high privileges required, insider threats or compromised administrative accounts are primary vectors, increasing the risk of insider attacks or advanced persistent threats (APTs). The impact extends to regulatory compliance, as data breaches involving monitoring data may violate GDPR and other data protection laws, leading to legal and financial penalties. The availability impact could disrupt critical monitoring services, affecting business continuity.

Mitigation Recommendations

To mitigate CVE-2024-45757, organizations should:

1) Immediately review and restrict access to Centreon BAM user-settings forms, ensuring only trusted administrators have high-privileged accounts.
2) Implement strict input validation and parameterized queries in the application code to prevent SQL injection, if possible through vendor updates or custom patches.
3) Monitor logs for unusual database queries or access patterns indicative of exploitation attempts.
4) Employ network segmentation to isolate Centreon BAM servers and limit exposure to internal threat actors.
5) Enforce multi-factor authentication (MFA) for all administrative accounts to reduce risk from compromised credentials.
6) Regularly audit user privileges and remove unnecessary high-level access.
7) Stay alert for vendor patches or updates addressing this vulnerability and apply them promptly once available.
8) Consider deploying Web Application Firewalls (WAFs) with SQL injection detection rules as a temporary protective measure.
9) Conduct security awareness training focused on insider threat risks and secure credential management.
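Recommendation 2 above is the root-cause fix for a CWE-89 defect. The following is an added example, not Centreon code and not the actual vulnerable code path (which this record does not show): a constructed in-memory `user_settings` table with a `theme` column, one update routine that splices the submitted value into the SQL text, and the same routine rewritten with a bound parameter plus an allow-list check. The table name, column names and the `light`/`dark` values are all assumptions made for the demonstration.

```python
import sqlite3

# Constructed schema standing in for a "user-settings" table; not Centreon's schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_settings (user_id INTEGER PRIMARY KEY, theme TEXT)")
    conn.executemany(
        "INSERT INTO user_settings VALUES (?, ?)",
        [(1, "light"), (2, "light"), (3, "light")],
    )
    conn.commit()
    return conn


def update_theme_vulnerable(conn, user_id, theme):
    """CWE-89 pattern: the form value is interpolated into the SQL text.

    user_id is coerced to int, so only the free-text 'theme' field is the
    problem here; the quotes around it are part of the query string, and
    anything the caller puts in 'theme' becomes SQL, not data.
    """
    sql = f"UPDATE user_settings SET theme = '{theme}' WHERE user_id = {int(user_id)}"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount  # how many rows the statement actually touched


def update_theme_safe(conn, user_id, theme):
    """Parameterized form: the driver sends 'theme' as a bound value, so the
    statement shape is fixed before any user data is seen."""
    cur = conn.execute(
        "UPDATE user_settings SET theme = ? WHERE user_id = ?",
        (theme, int(user_id)),
    )
    conn.commit()
    return cur.rowcount


# Assumed allow-list for this constructed field; a real settings form would
# validate each field against its own expected domain.
ALLOWED_THEMES = {"light", "dark"}


def update_theme_hardened(conn, user_id, theme):
    """Defence in depth: reject values outside the expected domain *and* bind
    the parameter. Validation alone is not the fix; binding is."""
    if theme not in ALLOWED_THEMES:
        raise ValueError("theme not in allow-list")
    return update_theme_safe(conn, user_id, theme)


def themes(conn):
    """Snapshot of the table as {user_id: theme}, for checking the effect."""
    return dict(conn.execute("SELECT user_id, theme FROM user_settings ORDER BY user_id"))


if __name__ == "__main__":
    # Constructed input: a value that closes the quoted literal and rewrites
    # the WHERE clause. It is here only to show the difference in behaviour.
    crafted = "dark' WHERE 1=1 --"

    v = make_db()
    print("vulnerable rows touched:", update_theme_vulnerable(v, 1, crafted), themes(v))
    # Every user's row changed, although the request named user 1 only.

    s = make_db()
    print("parameterized rows touched:", update_theme_safe(s, 1, crafted), themes(s))
    # One row changed and the odd string is stored verbatim as a theme name.

    h = make_db()
    try:
        update_theme_hardened(h, 1, crafted)
    except ValueError as exc:
        print("hardened:", exc)
```

The `rowcount` return values make the difference measurable: with concatenation, a request scoped to a single `user_id` can modify every row in the table, which is the kind of "manipulation of business activity metrics" the impact section warns about; with a bound parameter the crafted string is just an unusual theme name for one user. The same contrast is what to look for when auditing a settings form: any query whose text is assembled from request fields, even behind a privileged-only page, is the defect, regardless of how trusted the caller is.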


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2024-09-06T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9838c4522896dcbebecd

Added to database: 5/21/2025, 9:09:12 AM

Last enriched: 7/3/2025, 7:25:50 AM

Last updated: 8/10/2025, 11:56:02 AM
