checkmk 1.4.0 B1

CPE Details

checkmk 1.4.0 B1
checkmk
checkmk
1.4.0
2024-07-23
17h37 +00:00
2024-07-23
17h37 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:checkmk:checkmk:1.4.0:b1:*:*:*:*:*:*

Informations

Vendor

checkmk

Product

checkmk

Version

1.4.0

Update

b1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-38858 2024-09-02 09h16 +00:00 Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view.
2.3
Bas
CVE-2024-28827 2024-07-10 12h41 +00:00 Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges.
8.8
Haute
CVE-2024-6163 2024-07-08 13h01 +00:00 Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data
9.8
Critique
CVE-2024-6052 2024-07-03 14h30 +00:00 Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements
6.5
Moyen
CVE-2024-38857 2024-07-02 08h11 +00:00 Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks.
6.1
Moyen
CVE-2024-28830 2024-06-26 07h56 +00:00 Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators.
2.7
Bas
CVE-2024-28832 2024-06-25 11h45 +00:00 Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings.
4.8
Moyen
CVE-2024-28831 2024-06-25 11h45 +00:00 Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up.
5.4
Moyen
CVE-2024-5741 2024-06-17 11h16 +00:00 Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL)
6.5
Moyen
CVE-2024-28826 2024-05-29 10h00 +00:00 Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server.
8.8
Haute
CVE-2024-28825 2024-04-24 11h25 +00:00 Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing.
9.8
Critique
CVE-2024-3367 2024-04-16 11h59 +00:00 Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc
6.5
Moyen
CVE-2024-28824 2024-03-22 10h26 +00:00 Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.
8.8
Haute
CVE-2024-1742 2024-03-22 10h26 +00:00 Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.
3.8
Bas
CVE-2024-0638 2024-03-22 10h25 +00:00 Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.
8.2
Haute
CVE-2023-23548 2023-08-01 09h42 +00:00 Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30.
6.1
Moyen
CVE-2022-43440 2023-02-09 08h30 +00:00 Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable
8.8
Haute
CVE-2022-31258 2022-05-20 20h02 +00:00 In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink.
8.2
Haute
CVE-2020-24908 2021-02-19 04h03 +00:00 Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.
7.8
Haute