Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
checkmk checkmk vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-6735
Privilege escalation in mk_tsm agent plugin in Checkmk prior to 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.2.0
Tribe29 Checkmk
NA
CVE-2023-6740
Privilege escalation in jar_signature agent plugin in Checkmk prior to 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.2.0
Tribe29 Checkmk
3.5
CVSSv2
CVE-2021-36563
The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. This allows an malicious user to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-...
Checkmk Checkmk
1 Github repository
NA
CVE-2023-0284
Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk <= 2.1.0p19, Checkmk <= 2.0.0p32, and all versions of Checkmk 1.6.0 (EOL) are affected.
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk
NA
CVE-2023-22288
HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated malicious user to inject malicious HTML into Emails
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk
NA
CVE-2023-22348
Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs.
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.2.0
Tribe29 Checkmk
NA
CVE-2022-46302
Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an malicious us...
Tribe29 Checkmk 1.6.0
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 2.1.0
NA
CVE-2022-46303
Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context ...
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 1.6.0
NA
CVE-2022-47909
Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an malicious user to perform direct queries to the application's core from localhost.
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 1.6.0
1 Github repository
NA
CVE-2023-31207
Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log.
Tribe29 Checkmk 2.0.0
Tribe29 Checkmk 2.1.0
Tribe29 Checkmk 2.2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »