VYPR

Vendor CVEs

Checkmk

All CVEs

122 total · sorted by risk
  • CVE-2024-38864Dec 19, 2024
    risk 0.00cvss epss 0.00

    Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data.

  • CVE-2024-47094Nov 29, 2024
    risk 0.00cvss epss 0.00

    Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users.

  • CVE-2024-6747Oct 10, 2024
    risk 0.00cvss epss 0.00

    Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data

  • CVE-2024-38861Sep 27, 2024
    risk 0.00cvss epss 0.00

    Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4a_mk through 2.0a.

  • CVE-2024-8606Sep 23, 2024
    risk 0.00cvss epss 0.00

    Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication

  • CVE-2024-38860Sep 17, 2024
    risk 0.00cvss epss 0.00

    Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks.

  • CVE-2024-6572Sep 9, 2024
    risk 0.00cvss epss 0.00

    Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic

  • CVE-2024-38858Sep 2, 2024
    risk 0.00cvss epss 0.00

    Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view.

  • CVE-2024-38859Aug 26, 2024
    risk 0.00cvss epss 0.00

    XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view…

  • CVE-2024-28829Aug 20, 2024
    risk 0.00cvss epss 0.00

    Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges.

  • CVE-2024-6542Jul 22, 2024
    risk 0.00cvss epss 0.00

    Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution.

  • CVE-2024-28828Jul 10, 2024
    risk 0.00cvss epss 0.00

    Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site.

  • CVE-2024-28827Jul 10, 2024
    risk 0.00cvss epss 0.00

    Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges.

  • CVE-2024-6163Jul 8, 2024
    risk 0.00cvss epss 0.01

    Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data

  • CVE-2024-6052Jul 3, 2024
    risk 0.00cvss epss 0.00

    Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements

  • CVE-2024-38857Jul 2, 2024
    risk 0.00cvss epss 0.00

    Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks.

  • CVE-2024-28830Jun 26, 2024
    risk 0.00cvss epss 0.00

    Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators.

  • CVE-2024-28832Jun 25, 2024
    risk 0.00cvss epss 0.00

    Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings.

  • CVE-2024-28831Jun 25, 2024
    risk 0.00cvss epss 0.00

    Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up.

  • CVE-2024-5741Jun 17, 2024
    risk 0.00cvss epss 0.00

    Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL)

  • CVE-2024-28833Jun 10, 2024
    risk 0.00cvss epss 0.00

    Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms.

  • CVE-2024-28826May 29, 2024
    risk 0.00cvss epss 0.00

    Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server.

  • CVE-2024-28825Apr 24, 2024
    risk 0.00cvss epss 0.01

    Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing.

  • CVE-2024-3367Apr 16, 2024
    risk 0.00cvss epss 0.00

    Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc

  • CVE-2024-2380Apr 5, 2024
    risk 0.00cvss epss 0.00

    Stored XSS in graph rendering in Checkmk <2.3.0b4.

  • CVE-2024-28824Mar 22, 2024
    risk 0.00cvss epss 0.00

    Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.

  • CVE-2024-1742Mar 22, 2024
    risk 0.00cvss epss 0.00

    Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.

  • CVE-2024-0638Mar 22, 2024
    risk 0.00cvss epss 0.00

    Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.

  • CVE-2024-0670Mar 11, 2024
    risk 0.00cvss epss 0.00

    Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges

  • CVE-2023-6740Jan 12, 2024
    risk 0.00cvss epss 0.00

    Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges

  • CVE-2023-6735Jan 12, 2024
    risk 0.00cvss epss 0.00

    Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges

  • CVE-2023-31211Jan 12, 2024
    risk 0.00cvss epss 0.01

    Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials

  • CVE-2023-31210Dec 13, 2023
    risk 0.00cvss epss 0.01

    Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries

  • CVE-2023-6287Nov 27, 2023
    risk 0.00cvss epss 0.00

    Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files.

  • CVE-2023-6251Nov 24, 2023
    risk 0.00cvss epss 0.00

    Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users.

  • CVE-2023-6157Nov 22, 2023
    risk 0.00cvss epss 0.01

    Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.

  • CVE-2023-6156Nov 22, 2023
    risk 0.00cvss epss 0.01

    Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.

  • CVE-2023-23549Nov 15, 2023
    risk 0.00cvss epss 0.01

    Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames.

  • CVE-2023-31209Aug 10, 2023
    risk 0.00cvss epss 0.01

    Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users.

  • CVE-2023-23548Aug 1, 2023
    risk 0.00cvss epss 0.00

    Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30.

  • CVE-2023-22359Jun 26, 2023
    risk 0.00cvss epss 0.01

    User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames.

  • CVE-2023-22348May 17, 2023
    risk 0.00cvss epss 0.01

    Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs.

  • CVE-2023-31208May 17, 2023
    risk 0.00cvss epss 0.01

    Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users.

  • CVE-2023-22318May 15, 2023
    risk 0.00cvss epss 0.01

    Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5.

  • CVE-2023-31207May 2, 2023
    risk 0.00cvss epss 0.00

    Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log.

  • CVE-2022-46302Apr 20, 2023
    risk 0.00cvss epss 0.00

    Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an attacker to perform…

  • CVE-2023-22309Apr 20, 2023
    risk 0.00cvss epss 0.00

    Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4.

  • CVE-2023-22294Apr 18, 2023
    risk 0.00cvss epss 0.01

    Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions.

  • CVE-2023-22307Apr 18, 2023
    risk 0.00cvss epss 0.00

    Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.4 allows local attacker to retrieve passwords via reading log files.

  • CVE-2023-2020Apr 18, 2023
    risk 0.00cvss epss 0.00

    Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host.