Vulnerabilities > Checkmk

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-12	CVE-2023-6735	Improper Privilege Management vulnerability in multiple products Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges local low complexity tribe29 checkmk CWE-269	7.8
2024-01-12	CVE-2023-6740	Improper Privilege Management vulnerability in multiple products Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges local low complexity tribe29 checkmk CWE-269	7.8
2023-12-13	CVE-2023-31210	Uncontrolled Search Path Element vulnerability in Checkmk 2.2.0 Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries local low complexity checkmk CWE-427	7.8
2023-11-24	CVE-2023-6251	Cross-Site Request Forgery (CSRF) vulnerability in Checkmk 2.0.0/2.1.0/2.2.0 Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users. network low complexity checkmk CWE-352	3.5
2023-11-22	CVE-2023-6156	Unspecified vulnerability in Checkmk 2.0.0/2.1.0/2.2.0 Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. network low complexity checkmk	8.8
2023-11-22	CVE-2023-6157	Unspecified vulnerability in Checkmk 2.0.0/2.1.0/2.2.0 Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. network low complexity checkmk	8.8
2023-11-15	CVE-2023-23549	Unspecified vulnerability in Checkmk 2.0.0/2.1.0/2.2.0 Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames. network low complexity checkmk	2.7
2023-08-10	CVE-2023-31209	Injection vulnerability in multiple products Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. network low complexity tribe29 checkmk CWE-74	8.8
2023-08-01	CVE-2023-23548	Cross-site Scripting vulnerability in Checkmk Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30. network low complexity checkmk CWE-79	6.1
2023-06-26	CVE-2023-22359	Unspecified vulnerability in Checkmk 2.2.0 User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. network low complexity checkmk	4.3

Vulnerabilities > Checkmk {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Checkmk"}]}

Vulnerabilities > Checkmk