Shodan
Vulnerabilities
Vulnerable Software
Checkmk:  >> Checkmk  >> 2.3.0  Security Vulnerabilities
CVE-2024-6572
Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic
CVSS Score
6.3
EPSS Score
0.003
Published
2024-09-09
CVE-2024-38858
Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view.
CVSS Score
2.3
EPSS Score
0.012
Published
2024-09-02
CVE-2024-38859
XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users.
CVSS Score
4.8
EPSS Score
0.014
Published
2024-08-26
CVE-2024-28829
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges.
CVSS Score
5.2
EPSS Score
0.001
Published
2024-08-20
CVE-2024-6542
Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-07-22
CVE-2024-28827
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-07-10
CVE-2024-28828
Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site.
CVSS Score
8.8
EPSS Score
0.008
Published
2024-07-10
CVE-2024-6163
Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data
CVSS Score
5.3
EPSS Score
0.005
Published
2024-07-08
CVE-2024-6052
Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements
CVSS Score
6.5
EPSS Score
0.003
Published
2024-07-03
CVE-2024-38857
Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks.
CVSS Score
4.3
EPSS Score
0.006
Published
2024-07-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved