1445 matches found
CVE-2021-36563
The CheckMK management web console versions 1.5.0 to 2.0.0 do not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser such as JavaScript or other client-side scripts, the XSS...
Cross site scripting
The CheckMK management web console versions 1.5.0 to 2.0.0 do not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser such as JavaScript or other client-side scripts, the XSS...
UBUNTU-CVE-2021-36563
The CheckMK management web console versions 1.5.0 to 2.0.0 do not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser such as JavaScript or other client-side scripts, the XSS...
CVE-2021-36563
CVE-2021-36563 affects Checkmk Management Web Console (versions 1.5.0–2.0.0). The vulnerability is an input sanitization flaw in WATO module parameters that enables cross‑site scripting (XSS). Exploitation can occur via the web management interface with valid credentials or a hijacked session, p...
CVE-2020-24908
Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory...
Directory traversal
Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory...
CVE-2020-24908
CVE-2020-24908 affects Checkmk before 1.6.0p17. A Trojan horse shell script in %PROGRAMDATA%\checkmk\agent\local allows local users to escalate to SYSTEM privileges. Root cause: manipulation of a local agent script executed with high privileges. Impact: local privilege escalation to SYSTEM. Remed...
PT-2021-11083 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 1.6.0p17 Description: The issue allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory. Recommendations: For versions prior to 1.6.0p17, update ...
Checkmk Security Vulnerabilities
tribe29 Checkmk is an application from the German company tribe29. It provides a comprehensive solution for monitoring applications, servers and networks. A security vulnerability exists in Checkmk. The vulnerability originates from a Trojan Horse program script in the...
Checkmk 1.6.0p16 Local Privilege Escalation Vulnerability
Product: Checkmk Vendor: tribe29 GmbH CSNC ID: CSNC-2020-005 Subject: Local Privilege Escalation Risk: High Effect: Locally exploitable Authors: Thierry Viaccoz Date: 21.09.2020 Introduction: ------------- Checkmk 1 is an IT infrastructure monitoring software. It consists of a management serve...
Checkmk 1.6.0p16 Local Privilege Escalation
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Checkmk Vendor: tribe29 GmbH CSNC ID: CSNC-2020-005 Subject: Local Privilege Escalation Risk: High Effect: Locally exploitable Authors: Thierry Viaccoz Date: 21.09.2020 Introduction: ------------- Checkmk 1 i...
PT-2019-6462 · Mikrotik +1 · Mikrotik +1
Name of the Vulnerable Software and Affected Versions: MikroTik versions 0.4a mk through 2.0a MikroTik versions 2.0.0 through 2.5.5 Description: The issue is related to improper certificate validation in the Checkmk Exchange plugin for MikroTik routers, which can allow an attacker to intercept...
UBUNTU-CVE-2017-11507
A cross site scripting (XSS) vulnerability exists in CheckMK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the outputformat parameter, and the username parameter of failed HTTP basic authentication...
Mathias Kettner Check_MK Information Disclosure Vulnerability
Mathias Kettner CheckMK is an open-source, general-purpose Nagios/Icinga monitoring system data collection plug-in from Mathias Kettner, Germany, which collects data from operating system and network components by employing a new methodology and supports the automated detection of monitoring item...
PT-2017-13776 · Mathias Kettner +1 · Checkmk +1
Name of the Vulnerable Software and Affected Versions: Check MK versions prior to 1.2.8p26 Description: The issue arises from a race condition in the failed-login save feature, allowing remote attackers to obtain sensitive user information by reading a GUI crash report. This occurs due to the...
UBUNTU-CVE-2017-9781
A cross site scripting (XSS) vulnerability exists in CheckMK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the username parameter when attempting authentication to webapi.py, which is returned unencoded with content type...