Filtered by vendor Checkmk Subscriptions
Total 70 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-6542 1 Checkmk 1 Checkmk 2024-11-21 6.5 Medium
Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution.
CVE-2024-6163 1 Checkmk 1 Checkmk 2024-11-21 5.3 Medium
Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data
CVE-2024-6052 1 Checkmk 1 Checkmk 2024-11-21 6.5 Medium
Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements
CVE-2024-5741 1 Checkmk 1 Checkmk 2024-11-21 6.5 Medium
Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL)
CVE-2024-28833 1 Checkmk 1 Checkmk 2024-11-21 5.9 Medium
Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms.
CVE-2024-28828 1 Checkmk 1 Checkmk 2024-11-21 8.8 High
Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site.
CVE-2023-6740 2 Checkmk, Tribe29 2 Checkmk, Checkmk 2024-11-21 8.8 High
Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
CVE-2023-6735 2 Checkmk, Tribe29 2 Checkmk, Checkmk 2024-11-21 8.8 High
Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
CVE-2023-6251 1 Checkmk 1 Checkmk 2024-11-21 3.5 Low
Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users.
CVE-2023-6157 1 Checkmk 1 Checkmk 2024-11-21 7.6 High
Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.
CVE-2023-6156 1 Checkmk 1 Checkmk 2024-11-21 7.6 High
Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.
CVE-2023-31211 2 Checkmk, Tribe29 2 Checkmk, Checkmk 2024-11-21 8.8 High
Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials
CVE-2023-31209 2 Checkmk, Tribe29 2 Checkmk, Checkmk 2024-11-21 8.8 High
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users.
CVE-2023-31208 2 Checkmk, Tribe29 2 Checkmk, Checkmk 2024-11-21 8.3 High
Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users.
CVE-2023-31207 1 Checkmk 1 Checkmk 2024-11-21 4.4 Medium
Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log.
CVE-2023-2020 1 Checkmk 1 Checkmk 2024-11-21 4.3 Medium
Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host.
CVE-2023-23549 1 Checkmk 1 Checkmk 2024-11-21 2.7 Low
Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames.
CVE-2023-23548 1 Checkmk 1 Checkmk 2024-11-21 5.4 Medium
Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30.
CVE-2023-22359 1 Checkmk 1 Checkmk 2024-11-21 4.3 Medium
User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames.
CVE-2023-22348 2 Checkmk, Tribe29 2 Checkmk, Checkmk 2024-11-21 4.3 Medium
Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs.