Vulnerabilities > Checkmk
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-25 | CVE-2021-40904 | Incorrect Default Permissions vulnerability in Checkmk 1.5.0 The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. | 8.8 |
| 2022-03-25 | CVE-2021-40905 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. | 8.8 |
| 2022-03-25 | CVE-2021-40906 | Cross-site Scripting vulnerability in multiple products CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. | 6.1 |
| 2022-02-24 | CVE-2022-24565 | Cross-site Scripting vulnerability in Checkmk 1.6.0/2.0.0 Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. | 5.4 |
| 2022-02-24 | CVE-2022-24566 | Cross-site Scripting vulnerability in Checkmk 1.6.0/2.0.0 In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS). | 5.4 |
| 2022-02-21 | CVE-2022-24564 | Cross-site Scripting vulnerability in Checkmk 2.0.0 Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. | 6.1 |
| 2022-01-15 | CVE-2020-28919 | Cross-site Scripting vulnerability in Checkmk 1.6.0 A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title. | 5.4 |
| 2021-07-26 | CVE-2021-36563 | Cross-site Scripting vulnerability in Checkmk 1.5.0/1.6.0 The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. | 5.4 |
| 2021-02-19 | CVE-2020-24908 | Unspecified vulnerability in Checkmk Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory. | 7.8 |
| 2017-10-02 | CVE-2017-14955 | Race Condition vulnerability in Checkmk Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report. | 5.9 |