Checkmk GmbH — Vulnerabilities & Security Advisories 76

Browse all 76 CVE security advisories affecting Checkmk GmbH. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Checkmk GmbH develops IT infrastructure monitoring solutions, primarily serving enterprise environments to track system health and network performance. The software’s extensive attack surface has resulted in 75 recorded Common Vulnerabilities and Exposures (CVEs), reflecting its complex architecture and widespread deployment. Historically, these security flaws predominantly involve remote code execution (RCE), cross-site scripting (XSS), and privilege escalation vulnerabilities, often stemming from improper input validation or insecure default configurations in the web interface and agent components. While no single catastrophic data breach has defined the company’s public history, the high volume of CVEs indicates persistent challenges in securing legacy codebases and third-party dependencies. Regular patching is critical for administrators, as many disclosed issues allow unauthenticated attackers to gain significant control over monitored systems. The company continues to address these technical debt issues through iterative updates, though the sheer number of past vulnerabilities remains a notable risk factor for organizations relying on its monitoring infrastructure.

Top products by Checkmk GmbH: Checkmk, Checkmk Appliance

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-1742 | Information disclosure in mk_oracle Checkmk agent plugin | Checkmk | CWE-214 | 3.8 | Low | 2024-03-22 |
| CVE-2024-0638 | Privilege escalation in mk_oracle plugins | Checkmk | CWE-272 | 8.2 | High | 2024-03-22 |
| CVE-2024-0670 | Privilege escalation in windows agent | Checkmk | CWE-427 | 8.8 | High | 2024-03-11 |
| CVE-2023-6740 | Privilege escalation in jar_signature | Checkmk | CWE-427 | 8.8 | High | 2024-01-12 |
| CVE-2023-6735 | Privilege escalation in mk_tsm | Checkmk | CWE-95 | 8.8 | High | 2024-01-12 |
| CVE-2023-31211 | Disabled automation users could still authenticate | Checkmk | CWE-303 | 8.8 | High | 2024-01-12 |
| CVE-2023-31210 | Privilege escalation in agent via LD_LIBRARY_PATH | Checkmk | CWE-427 | 8.8 | High | 2023-12-13 |
| CVE-2023-6287 | Backup password in GET parameter | Checkmk Appliance | CWE-598 | 3.3 | Low | 2023-11-27 |
| CVE-2023-6251 | CSRF in delete_user_message | Checkmk | CWE-352 | 3.5 | Low | 2023-11-24 |
| CVE-2023-6157 | Livestatus injection in ajax_search | Checkmk | CWE-140 | 7.6 | High | 2023-11-22 |
| CVE-2023-6156 | Livestatus injection in availability timeline | Checkmk | CWE-140 | 7.6 | High | 2023-11-22 |
| CVE-2023-23549 | DoS via long hostnames | Checkmk | CWE-1284 | 2.7 | Low | 2023-11-15 |
| CVE-2023-31209 | Command injection via active checks and REST API | Checkmk | CWE-78 | 8.8 | High | 2023-08-10 |
| CVE-2023-23548 | XSS in business intelligence | Checkmk | CWE-80 | 5.4 | Medium | 2023-08-01 |
| CVE-2023-22348 | Reading host_configs does not honour contact groups | Checkmk | CWE-285 | 4.3 | Medium | 2023-05-17 |
| CVE-2023-31208 | Livestatus command injection in RestAPI | Checkmk | CWE-140 | 8.3 | High | 2023-05-17 |

This page lists every published CVE security advisory associated with Checkmk GmbH. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.