This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Checkmk First view 2021-07-26
Product Checkmk Last view 2024-10-10
Version 2.0.0 Type Application
Update p22  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:checkmk:checkmk

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2024-10-10 CVE-2024-6747

Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data

6.1 2024-09-02 CVE-2024-38858

Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view.

6.5 2024-07-22 CVE-2024-6542

Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution.

8.8 2024-07-10 CVE-2024-28828

Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site.

7.8 2024-07-10 CVE-2024-28827

Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges.

5.3 2024-07-08 CVE-2024-6163

Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data

5.4 2024-07-03 CVE-2024-6052

Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements

6.1 2024-07-02 CVE-2024-38857

Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks.

2.7 2024-06-26 CVE-2024-28830

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators.

4.8 2024-06-25 CVE-2024-28832

Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings.

5.4 2024-06-25 CVE-2024-28831

Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up.

5.4 2024-06-17 CVE-2024-5741

Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL)

8.1 2024-05-29 CVE-2024-28826

Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server.

9.8 2024-04-24 CVE-2024-28825

Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing.

5.5 2024-04-16 CVE-2024-3367

Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc

7.8 2024-03-22 CVE-2024-28824

Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.

3.3 2024-03-22 CVE-2024-1742

Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.

6.7 2024-03-22 CVE-2024-0638

Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.

7.8 2024-03-11 CVE-2024-0670

Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges

7.8 2024-01-12 CVE-2023-6740

Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges

7.8 2024-01-12 CVE-2023-6735

Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges

6.5 2024-01-12 CVE-2023-31211

Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials

3.5 2023-11-24 CVE-2023-6251

Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users.

8.8 2023-11-22 CVE-2023-6157

Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.

8.8 2023-11-22 CVE-2023-6156

Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.

CWE : Common Weakness Enumeration

%idName
25% (9) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
8% (3) CWE-532 Information Leak Through Log Files
8% (3) CWE-352 Cross-Site Request Forgery (CSRF)
5% (2) CWE-427 Uncontrolled Search Path Element
5% (2) CWE-269 Improper Privilege Management
2% (1) CWE-732 Incorrect Permission Assignment for Critical Resource
2% (1) CWE-670 Always-Incorrect Control Flow Implementation
2% (1) CWE-613 Insufficient Session Expiration
2% (1) CWE-610 Externally Controlled Reference to a Resource in Another Sphere
2% (1) CWE-307 Improper Restriction of Excessive Authentication Attempts
2% (1) CWE-290 Authentication Bypass by Spoofing
2% (1) CWE-276 Incorrect Default Permissions
2% (1) CWE-200 Information Exposure
2% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
2% (1) CWE-88 Argument Injection or Modification
2% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
2% (1) CWE-77 Improper Sanitization of Special Elements used in a Command ('Comma...
2% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
2% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')
2% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
2% (1) CWE-20 Improper Input Validation