Vulnerabilities > Checkmk > Medium

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor / product | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2024-06-25 | CVE-2024-28832 | Cross-site Scripting vulnerability in Checkmk | Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings. | network | low | checkmk | CWE-79 | 4.8 |
| 2024-06-17 | CVE-2024-5741 | Cross-site Scripting vulnerability in Checkmk | Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL) | network | low | checkmk | CWE-79 | 5.4 |
| 2024-04-16 | CVE-2024-3367 | Argument Injection or Modification vulnerability in Checkmk | Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc | local | low | checkmk | CWE-88 | 5.5 |
| 2024-04-05 | CVE-2024-2380 | Cross-site Scripting vulnerability in Checkmk 2.3.0 | Stored XSS in graph rendering in Checkmk <2.3.0b4. | network | low | checkmk | CWE-79 | 5.4 |
| 2024-03-22 | CVE-2024-0638 | Unspecified vulnerability in Checkmk | Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges. | local | low | checkmk | | 6.7 |
| 2024-01-12 | CVE-2023-31211 | Always-Incorrect Control Flow Implementation vulnerability in multiple products | Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials | network | low | tribe29 checkmk | CWE-670 | 6.5 |
| 2023-08-01 | CVE-2023-23548 | Cross-site Scripting vulnerability in Checkmk | Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30. | network | low | checkmk | CWE-79 | 6.1 |
| 2023-06-26 | CVE-2023-22359 | Unspecified vulnerability in Checkmk 2.2.0 | User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. | network | low | checkmk | | 4.3 |
| 2023-05-17 | CVE-2023-22348 | | Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. | network | low | tribe29 checkmk | | 4.3 |
| 2023-05-02 | CVE-2023-31207 | Information Exposure Through Log Files vulnerability in Checkmk 2.0.0/2.1.0 | Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log. | local | low | checkmk | CWE-532 | 5.5 |