Vulnerabilities > Tribe29 > Checkmk > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-12 | CVE-2023-31211 | Always-Incorrect Control Flow Implementation vulnerability in multiple products. Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials (network, low complexity, tribe29, checkmk, CWE-670) | 6.5 |
| 2023-05-17 | CVE-2023-22348 | Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. (network, low complexity, tribe29, checkmk) | 4.3 |
| 2023-04-04 | CVE-2023-1768 | Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations. (network, low complexity, tribe29, checkmk) | 5.3 |
| 2023-03-20 | CVE-2023-22288 | Cross-site Scripting vulnerability in multiple products. HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails (network, low complexity, tribe29, checkmk, CWE-79) | 5.4 |
| 2022-05-20 | CVE-2022-31258 | Link Following vulnerability in multiple products. In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink. (local, low complexity, tribe29, checkmk, CWE-59) | 6.7 |
| 2022-03-25 | CVE-2021-40906 | Cross-site Scripting vulnerability in multiple products. CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. (network, low complexity, tribe29, checkmk, CWE-79) | 6.1 |