Page 3 of 24 results (0.011 seconds)

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges. Permisos incorrectos en el directorio de datos del agente de Windows Checkmk en Checkmk &lt; 2.3.0p8, &lt; 2.2.0p29, &lt; 2.1.0p45 y &lt;= 2.0.0p39 (EOL) permiten a un atacante local obtener privilegios de SYSTEM. • https://checkmk.com/werk/16845 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data • https://checkmk.com/werk/17011 • CWE-290: Authentication Bypass by Spoofing •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

Stored XSS in Checkmk before versions 2.3.0p10, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements XSS almacenado en Checkmk antes de las versiones 2.3.0p8, 2.2.0p29, 2.1.0p45 y 2.0.0 (EOL) permite a los usuarios ejecutar scripts arbitrarios inyectando elementos HTML Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements • https://checkmk.com/werk/17010 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks. La neutralización inadecuada de la entrada en Checkmk antes de las versiones 2.3.0p8, 2.2.0p28, 2.1.0p45 y 2.0.0 (EOL) permite a los atacantes crear enlaces maliciosos que pueden facilitar los ataques de phishing. • https://checkmk.com/werk/17059 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.7EPSS: 0%CPEs: 4EXPL: 0

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators. La inserción de información confidencial en un archivo de registro en las versiones de Checkmk GmbH &lt;2.3.0p7, &lt;2.2.0p28, &lt;2.1.0p45 y &lt;=2.0.0p39 (EOL) hace que los secretos de usuario de automatización se escriban en archivos de registro de auditoría accesibles a los administradores. • https://checkmk.com/werk/17056 • CWE-532: Insertion of Sensitive Information into Log File •