Check Mk Project Check Mk — known CVE vulnerabilities
Every CVE whose affected-product data names Check Mk Project Check Mk, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2014-5340 — CVSS 9.3 (critical): The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote…
CVE-2014-2331 — CVSS 8.5 (high): Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a…
CVE-2014-2330 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack…
CVE-2017-11507 — CVSS 6.1 (medium): A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an…
CVE-2017-9781 — CVSS 6.1 (medium): A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker…
CVE-2014-0243 — CVSS 5.5 (medium): Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job.
CVE-2014-2332 — CVSS 5.5 (medium): Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an…
CVE-2014-5339 — CVSS 4.9 (medium): Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary…
CVE-2014-5338 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow…
CVE-2014-2329 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users…