Vulnerabilities > Checkmk > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-02 | CVE-2024-38858 | Cross-site Scripting vulnerability in Checkmk Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view. | 6.1 |
| 2024-07-22 | CVE-2024-6542 | Unspecified vulnerability in Checkmk 2.0.0/2.1.0/2.2.0 Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution. | 6.5 |
| 2024-07-08 | CVE-2024-6163 | Authentication Bypass by Spoofing vulnerability in Checkmk Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data | 5.3 |
| 2024-07-03 | CVE-2024-6052 | Cross-site Scripting vulnerability in Checkmk Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements | 5.4 |
| 2024-06-17 | CVE-2024-5741 | Cross-site Scripting vulnerability in Checkmk Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL) | 5.4 |
| 2024-01-12 | CVE-2023-31211 | Always-Incorrect Control Flow Implementation vulnerability in multiple products Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials | 6.5 |
| 2023-08-01 | CVE-2023-23548 | Cross-site Scripting vulnerability in Checkmk Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30. | 6.1 |
| 2023-06-26 | CVE-2023-22359 | Unspecified vulnerability in Checkmk 2.2.0 User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. | 4.3 |
| 2023-05-17 | CVE-2023-22348 | Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. | 4.3 |
| 2023-05-02 | CVE-2023-31207 | Information Exposure Through Log Files vulnerability in Checkmk 2.0.0/2.1.0 Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log. | 5.5 |