Vulnerabilities > Checkmk

DATE CVE VULNERABILITY TITLE RISK
2022-03-25 CVE-2021-40905 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible.
network
low complexity
tribe29 checkmk CWE-434
8.8
2022-03-25 CVE-2021-40906 Cross-site Scripting vulnerability in multiple products
CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone.
network
low complexity
tribe29 checkmk CWE-79
6.1
2022-02-24 CVE-2022-24565 Cross-site Scripting vulnerability in Checkmk 1.6.0/2.0.0
Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability.
network
low complexity
checkmk CWE-79
5.4
2022-02-24 CVE-2022-24566 Cross-site Scripting vulnerability in Checkmk 1.6.0/2.0.0
In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS).
network
low complexity
checkmk CWE-79
5.4
2022-02-21 CVE-2022-24564 Cross-site Scripting vulnerability in Checkmk 2.0.0
Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability.
network
low complexity
checkmk CWE-79
6.1
2022-01-15 CVE-2020-28919 Cross-site Scripting vulnerability in Checkmk 1.6.0
A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title.
network
low complexity
checkmk CWE-79
5.4
2021-07-26 CVE-2021-36563 Cross-site Scripting vulnerability in Checkmk 1.5.0/1.6.0
The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module.
network
low complexity
checkmk CWE-79
5.4
2021-02-19 CVE-2020-24908 Unspecified vulnerability in Checkmk
Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.
local
low complexity
checkmk
7.8
2017-10-02 CVE-2017-14955 Race Condition vulnerability in Checkmk
Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.
network
high complexity
checkmk CWE-362
5.9