Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tribe29 checkmk vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-48317
Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28 allowing an malicious user to use expired session tokens when communicating with the RestAPI.
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.0.0
8.8
CVSSv3
CVE-2023-6156
Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.2.0
8.8
CVSSv3
CVE-2023-6157
Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.2.0
8.8
CVSSv3
CVE-2023-31209
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users.
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.2.0
Tribe29 Checkmk
8.8
CVSSv3
CVE-2023-31208
Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users.
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.2.0
Tribe29 Checkmk
8.8
CVSSv3
CVE-2022-46302
Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an malicious us...
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 2.1.0
8.8
CVSSv3
CVE-2023-22294
Privilege escalation in Tribe29 Checkmk Appliance prior to 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions.
Tribe29 Checkmk
8.8
CVSSv3
CVE-2022-46836
PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an malicious user to inject and execute PHP code which will be executed upon request of the vulnerable component.
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 1.6.0
2 Github repositories
8.8
CVSSv3
CVE-2021-40905
The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web managem...
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk
1 Github repository
8.8
CVSSv3
CVE-2021-40904
The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web...
Tribe29 Checkmk
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »