Vulnerabilities > Tribe29 > Checkmk > 1.5.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-25 | CVE-2021-40904 | Incorrect Default Permissions vulnerability in Tribe29 Checkmk 1.5.0 The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. | 6.8 |
| 2022-03-25 | CVE-2021-40905 | Unrestricted Upload of File with Dangerous Type vulnerability in Tribe29 Checkmk The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. | 8.8 |
| 2022-03-25 | CVE-2021-40906 | Cross-site Scripting vulnerability in Tribe29 Checkmk CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. | 4.3 |
| 2021-02-19 | CVE-2020-24908 | Unspecified vulnerability in Tribe29 Checkmk Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory. | 7.2 |