Vulnerabilities > Checkmk

DATE CVE VULNERABILITY TITLE RISK
2024-01-12 CVE-2023-6740 Improper Privilege Management vulnerability in multiple products
Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
local
low complexity
tribe29 checkmk CWE-269
7.8
2023-12-13 CVE-2023-31210 Uncontrolled Search Path Element vulnerability in Checkmk 2.2.0
Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries
local
low complexity
checkmk CWE-427
7.8
2023-11-24 CVE-2023-6251 Cross-Site Request Forgery (CSRF) vulnerability in Checkmk 2.0.0/2.1.0/2.2.0
Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users.
network
low complexity
checkmk CWE-352
3.5
2023-11-22 CVE-2023-6156 Unspecified vulnerability in Checkmk 2.0.0/2.1.0/2.2.0
Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.
network
low complexity
checkmk
8.8
2023-11-22 CVE-2023-6157 Unspecified vulnerability in Checkmk 2.0.0/2.1.0/2.2.0
Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.
network
low complexity
checkmk
8.8
2023-11-15 CVE-2023-23549 Unspecified vulnerability in Checkmk 2.0.0/2.1.0/2.2.0
Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames.
network
low complexity
checkmk
2.7
2023-08-10 CVE-2023-31209 Injection vulnerability in multiple products
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users.
network
low complexity
tribe29 checkmk CWE-74
8.8
2023-08-01 CVE-2023-23548 Cross-site Scripting vulnerability in Checkmk
Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30.
network
low complexity
checkmk CWE-79
6.1
2023-06-26 CVE-2023-22359 Unspecified vulnerability in Checkmk 2.2.0
User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames.
network
low complexity
checkmk
4.3
2023-05-17 CVE-2023-22348 Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs.
network
low complexity
tribe29 checkmk
4.3