Shodan
Vulnerabilities
Vulnerable Software
Checkmk:  >> Checkmk  >> 2.2.0  Security Vulnerabilities
CVE-2023-6251
Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users.
CVSS Score
3.5
EPSS Score
0.002
Published
2023-11-24
CVE-2023-6156
Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.
CVSS Score
7.6
EPSS Score
0.004
Published
2023-11-22
CVE-2023-6157
Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.
CVSS Score
7.6
EPSS Score
0.004
Published
2023-11-22
CVE-2023-23549
Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames.
CVSS Score
2.7
EPSS Score
0.001
Published
2023-11-15
CVE-2023-31209
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users.
CVSS Score
8.8
EPSS Score
0.006
Published
2023-08-10
CVE-2023-23548
Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30.
CVSS Score
5.4
EPSS Score
0.004
Published
2023-08-01
CVE-2023-22359
User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames.
CVSS Score
4.3
EPSS Score
0.003
Published
2023-06-26
CVE-2023-22348
Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-05-17
CVE-2023-31208
Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users.
CVSS Score
8.3
EPSS Score
0.005
Published
2023-05-17
CVE-2023-31207
Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log.
CVSS Score
4.4
EPSS Score
0.0
Published
2023-05-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved