1445 matches found
CVE-2022-47909
Livestatus Query Language LQL injection in the AuthUser HTTP query header of Tribe29's Checkmk = 2.1.0p11, Checkmk = 2.0.0p28, and all versions of Checkmk 1.6.0 EOL allows an attacker to perform direct queries to the application's core from localhost...
CVE-2022-48319
Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk = 2.1.0p13, Checkmk = 2.0.0p29, and all versions of Checkmk 1.6.0 EOL allows an attacker to gain access to the host secret through the unprotected agent updater log file...
CVE-2022-48321
Limited Server-Side Request Forgery SSRF in agent-receiver in Tribe29's Checkmk = 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API...
CVE-2022-48317
Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk = 2.1.0p10 and Checkmk = 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI...
CVE-2022-48318
No authorisation controls in the RestAPI documentation for Tribe29's Checkmk = 2.1.0p13 and Checkmk = 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation...
CVE-2022-48321
Limited Server-Side Request Forgery SSRF in agent-receiver in Tribe29's Checkmk = 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API...
CVE-2022-48318
No authorisation controls in the RestAPI documentation for Tribe29's Checkmk = 2.1.0p13 and Checkmk = 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation...
CVE-2022-48317
Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk = 2.1.0p10 and Checkmk = 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI...
CVE-2022-46303
Command injection in SMS notifications in Tribe29 Checkmk = 2.1.0p10, Checkmk = 2.0.0p27, and Checkmk = 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local...
CVE-2022-46303
Command injection in SMS notifications in Tribe29 Checkmk = 2.1.0p10, Checkmk = 2.0.0p27, and Checkmk = 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local...
CVE-2022-46836
PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk = 2.1.0p10, Checkmk = 2.0.0p27, and Checkmk = 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component...
CVE-2022-48320
Cross-site Request Forgery CSRF in Tribe29's Checkmk = 2.1.0p17, Checkmk = 2.0.0p31, and all versions of Checkmk 1.6.0 EOL allow an attacker to add new visual elements to multiple pages...
CVE-2022-46303
Command injection in SMS notifications in Tribe29 Checkmk = 2.1.0p10, Checkmk = 2.0.0p27, and Checkmk = 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local...
CVE-2022-47909
Livestatus Query Language LQL injection in the AuthUser HTTP query header of Tribe29's Checkmk = 2.1.0p11, Checkmk = 2.0.0p28, and all versions of Checkmk 1.6.0 EOL allows an attacker to perform direct queries to the application's core from localhost...
CVE-2022-48317
Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk = 2.1.0p10 and Checkmk = 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI...
Cross site request forgery (csrf)
Cross-site Request Forgery CSRF in Tribe29's Checkmk = 2.1.0p17, Checkmk = 2.0.0p31, and all versions of Checkmk 1.6.0 EOL allow an attacker to add new visual elements to multiple pages...
Code injection
Livestatus Query Language LQL injection in the AuthUser HTTP query header of Tribe29's Checkmk = 2.1.0p11, Checkmk = 2.0.0p28, and all versions of Checkmk 1.6.0 EOL allows an attacker to perform direct queries to the application's core from localhost...
Code injection
PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk = 2.1.0p10, Checkmk = 2.0.0p27, and Checkmk = 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component...
Code injection
Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk = 2.1.0p13, Checkmk = 2.0.0p29, and all versions of Checkmk 1.6.0 EOL allows an attacker to gain access to the host secret through the unprotected agent updater log file...
CVE-2022-48319
Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk = 2.1.0p13, Checkmk = 2.0.0p29, and all versions of Checkmk 1.6.0 EOL allows an attacker to gain access to the host secret through the unprotected agent updater log file...