Vulnerabilities > Checkmk
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-05-29 | CVE-2024-28826 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Checkmk. Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server. | 8.1 |
2024-04-24 | CVE-2024-28825 | Improper Restriction of Excessive Authentication Attempts vulnerability in Checkmk. Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing. | 9.8 |
2024-04-16 | CVE-2024-3367 | Argument Injection or Modification vulnerability in Checkmk. Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc. | 5.5 |
2024-04-05 | CVE-2024-2380 | Cross-site Scripting vulnerability in Checkmk 2.3.0. Stored XSS in graph rendering in Checkmk <2.3.0b4. | 5.4 |
2024-03-22 | CVE-2024-0638 | Unspecified vulnerability in Checkmk. Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges. | 6.7 |
2024-03-22 | CVE-2024-1742 | Unspecified vulnerability in Checkmk. Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list. | 3.3 |
2024-03-22 | CVE-2024-28824 | Unspecified vulnerability in Checkmk. Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges. | 7.8 |
2024-03-11 | CVE-2024-0670 | Uncontrolled Search Path Element vulnerability in Checkmk 2.0.0/2.1.0. Privilege escalation in Windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges. | 7.8 |
2024-01-12 | CVE-2023-31211 | Always-Incorrect Control Flow Implementation vulnerability in multiple products. Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials. | 6.5 |
2024-01-12 | CVE-2023-6735 | Improper Privilege Management vulnerability in multiple products. Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges. | 7.8 |