Every CVE whose affected-product data names Tribe29 Checkmk, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2023-6740 — CVSS 8.8 (high): Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate…
CVE-2023-22294 — CVSS 8.8 (high): Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set…
CVE-2023-31209 — CVSS 8.8 (high): Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution…
CVE-2023-31211 — CVSS 8.8 (high): Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials
CVE-2023-6735 — CVSS 8.8 (high): Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
CVE-2021-40905 — CVSS 8.8 (high): The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp"…
CVE-2023-31208 — CVSS 8.3 (high): Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows…
CVE-2022-31258 — CVSS 8.2 (high): In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink.
CVE-2022-33912 — CVSS 7.8 (high): A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery…
CVE-2023-0284 — CVSS 6.8 (medium): Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the…
CVE-2021-40906 — CVSS 6.1 (medium): CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated…
CVE-2023-22348 — CVSS 4.3 (medium): Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read…
CVE-2023-22288 — CVSS 4.1 (medium): HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to…
CVE-2023-1768 — CVSS 3.7 (low): Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the…