NVD - Results

Sort results by:

Search Results (Refine Search)

Search Parameters:

Results Type: Overview
Keyword (text search): cpe:2.3:a:tribe29:checkmk:1.6.0p15:*:*:*:*:*:*:*
CPE Name Search: true

There are 12 matching records.

Displaying matches 1 through 12.

Vuln ID	Summary	CVSS Severity
CVE-2023-6740	Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges Published: January 12, 2024; 3:15:43 AM -0500	V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available)
CVE-2023-6735	Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges Published: January 12, 2024; 3:15:43 AM -0500	V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available)
CVE-2023-31211	Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials Published: January 12, 2024; 3:15:43 AM -0500	V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available)
CVE-2023-31209	Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. Published: August 10, 2023; 5:15:12 AM -0400	V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available)
CVE-2023-22348	Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. Published: May 17, 2023; 12:15:09 PM -0400	V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available)
CVE-2023-31208	Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users. Published: May 17, 2023; 5:15:10 AM -0400	V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available)
CVE-2023-22294	Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions. Published: April 18, 2023; 3:15:07 PM -0400	V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available)
CVE-2023-1768	Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations. Published: April 04, 2023; 3:15:11 AM -0400	V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available)
CVE-2023-22288	HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails Published: March 20, 2023; 12:15:13 PM -0400	V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available)
CVE-2023-0284	Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk <= 2.1.0p19, Checkmk <= 2.0.0p32, and all versions of Checkmk 1.6.0 (EOL) are affected. Published: January 26, 2023; 4:18:07 PM -0500	V4.0:(not available) V3.1: 8.1 HIGH V2.0:(not available)
CVE-2022-31258	In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink. Published: May 20, 2022; 7:15:45 PM -0400	V4.0:(not available) V3.1: 6.7 MEDIUM V2.0: 7.2 HIGH
CVE-2021-40905	The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session of a user with administrator role. NOTE: the vendor states that this is the intended behavior: admins are supposed to be able to execute code in this manner Published: March 25, 2022; 7:15:08 PM -0400	V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM