CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38860 – Reflected links in error message facilitate phishing attacks
https://notcve.org/view.php?id=CVE-2024-38860
Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks. • https://checkmk.com/werk/17094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-6572 – Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem'
https://notcve.org/view.php?id=CVE-2024-6572
Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic La verificación incorrecta de la clave del host en la verificación activa 'Check SFTP Service' y el agente especial 'VNX quotas and filesystem' en Checkmk anterior a Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 y 2.0.0 (EOL) permite a los atacantes intermediarios interceptar el tráfico • https://checkmk.com/werk/17148 • CWE-322: Key Exchange without Entity Authentication •
CVSS: 2.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38858 – Cross-site scripting in Robotmk logs view
https://notcve.org/view.php?id=CVE-2024-38858
Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view. • https://checkmk.com/werk/17232 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38859 – XSS in view page with SLA column
https://notcve.org/view.php?id=CVE-2024-38859
XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users. • https://checkmk.com/werk/17026 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-28829 – Privilege escalation in mk_informix plugin
https://notcve.org/view.php?id=CVE-2024-28829
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges. La violación de privilegios mínimos y la dependencia de entradas no confiables en el complemento del agente Checkmk mk_informix anterior a Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 y 2.0.0 (EOL) permite que los usuarios locales escalen privilegios. • https://checkmk.com/werk/16249 • CWE-272: Least Privilege Violation CWE-807: Reliance on Untrusted Inputs in a Security Decision •