15 results (0.011 seconds)

CVSS: 8.8EPSS: 0%CPEs: 118EXPL: 0

Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges La escalada de privilegios en el complemento del agente jar_signature en Checkmk anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39 permite al usuario local escalar privilegios • https://checkmk.com/werk/16163 • CWE-269: Improper Privilege Management CWE-427: Uncontrolled Search Path Element •

CVSS: 8.8EPSS: 0%CPEs: 118EXPL: 0

Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges La escalada de privilegios en el complemento del agente mk_tsm en Checkmk anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39 permite al usuario local escalar privilegios • https://checkmk.com/werk/16273 • CWE-20: Improper Input Validation CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') CWE-269: Improper Privilege Management •

CVSS: 8.8EPSS: 0%CPEs: 118EXPL: 0

Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials El flujo de autenticación insuficiente en Checkmk anterior a 2.2.0p17, 2.1.0p37 y 2.0.0p39 permite al atacante utilizar credenciales bloqueadas • https://checkmk.com/werk/16227 • CWE-303: Incorrect Implementation of Authentication Algorithm CWE-670: Always-Incorrect Control Flow Implementation CWE-691: Insufficient Control Flow Management •

CVSS: 8.8EPSS: 0%CPEs: 102EXPL: 0

Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. • https://checkmk.com/werk/15194 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.1EPSS: 0%CPEs: 106EXPL: 0

Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30. • https://checkmk.com/werk/15691 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •