Vulnerabilities > Checkmk > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-04-24 CVE-2024-28825 Improper Restriction of Excessive Authentication Attempts vulnerability in Checkmk
Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing.
network
low complexity
checkmk CWE-307
critical
9.8
2023-02-20 CVE-2022-48317 Insufficient Session Expiration vulnerability in Checkmk 2.0.0/2.1.0
Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI.
network
low complexity
checkmk CWE-613
critical
9.8