Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tribe29 checkmk 1.6.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-43440
Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk prior to 2.1.0p1, prior to 2.0.0p25 and prior to 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 2.1.0
4.3
CVSSv2
CVE-2021-40906
CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an malicious user to open a backdoor on the device with HTML content and interpreted by the browser (such as...
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk
Tribe29 Checkmk 1.6.0b10
Tribe29 Checkmk 1.6.0b11
Tribe29 Checkmk 1.6.0p10
Tribe29 Checkmk 1.6.0p17
Tribe29 Checkmk 1.6.0p18
1 Github repository
7.2
CVSSv2
CVE-2022-33912
A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will...
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 1.6.0b10
Tribe29 Checkmk 1.6.0b11
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.2.0
NA
CVE-2022-46302
Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an malicious us...
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 2.1.0
NA
CVE-2022-46303
Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context ...
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 1.6.0
NA
CVE-2022-48319
Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk <= 2.0.0p29, and all versions of Checkmk 1.6.0 (EOL) allows an malicious user to gain access to the host secret through the unprotected agent updater log file.
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 1.6.0
NA
CVE-2022-48320
Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, Checkmk <= 2.0.0p31, and all versions of Checkmk 1.6.0 (EOL) allow an malicious user to add new visual elements to multiple pages.
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 1.6.0
NA
CVE-2022-47909
Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an malicious user to perform direct queries to the application's core from localhost.
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 1.6.0
1 Github repository
NA
CVE-2022-46836
PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an malicious user to inject and execute PHP code which will be executed upon request of the vulnerable component.
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 1.6.0
2 Github repositories
7.2
CVSSv2
CVE-2020-24908
Checkmk prior to 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »