Checkmk GmbH — Vulnerabilities & Security Advisories (75)

Browse all 75 CVE security advisories affecting Checkmk GmbH. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Checkmk GmbH develops IT infrastructure monitoring solutions, primarily serving enterprise environments to track system health and network performance. The software’s extensive attack surface has resulted in 75 recorded Common Vulnerabilities and Exposures (CVEs), reflecting its complex architecture and widespread deployment. Historically, these security flaws predominantly involve remote code execution (RCE), cross-site scripting (XSS), and privilege escalation vulnerabilities, often stemming from improper input validation or insecure default configurations in the web interface and agent components. While no single catastrophic data breach has defined the company’s public history, the high volume of CVEs indicates persistent challenges in securing legacy codebases and third-party dependencies. Regular patching is critical for administrators, as many disclosed issues allow unauthenticated attackers to gain significant control over monitored systems. The company continues to address these technical debt issues through iterative updates, though the sheer number of past vulnerabilities remains a notable risk factor for organizations relying on its monitoring infrastructure.

Top products by Checkmk GmbH: Checkmk, Checkmk Appliance

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-2596 | Session logout can be overwritten by long lasting request | Checkmk | CWE-613 | 7.1 (AI) | High (AI) | 2025-03-26 |
| CVE-2025-1075 | LDAP credentials logged to Apache error log | Checkmk | CWE-532 | 4.9 | - | 2025-02-19 |
| CVE-2024-38864 | User-Readable Private Key in Windows Agent | Checkmk | CWE-732 | 5.5 | - | 2024-12-19 |
| CVE-2024-47094 | Logging of sitesecret to automations log | Checkmk | CWE-532 | 7.5 | - | 2024-11-29 |
| CVE-2024-38863 | CSRF token leaked in URL parameters | Checkmk | CWE-598 | 6.5 (AI) | Medium (AI) | 2024-10-14 |
| CVE-2024-38862 | SNMP and IMPI secrets written to audit log | Checkmk | CWE-532 | 4.9 (AI) | Medium (AI) | 2024-10-14 |
| CVE-2024-6747 | Information leak in mknotifyd | Checkmk | CWE-201 | 5.3 | Medium | 2024-10-10 |
| CVE-2024-8606 | Fix 2FA bypass via RestAPI | Checkmk | CWE-863 | 6.5 (AI) | Medium (AI) | 2024-09-23 |
| CVE-2024-38860 | Reflected links in error message facilitate phishing attacks | Checkmk | CWE-79 | 6.1 | - | 2024-09-17 |
| CVE-2024-6572 | Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' | Checkmk | CWE-322 | 5.9 (AI) | Medium (AI) | 2024-09-09 |
| CVE-2024-38858 | Cross-site scripting in Robotmk logs view | Checkmk | CWE-79 | 9.0 (AI) | Critical (AI) | 2024-09-02 |
| CVE-2024-38859 | XSS in view page with SLA column | Checkmk | CWE-80 | 5.4 (AI) | Medium (AI) | 2024-08-26 |
| CVE-2024-28829 | Privilege escalation in mk_informix plugin | Checkmk | CWE-272 | 7.8 (AI) | High (AI) | 2024-08-20 |
| CVE-2024-6542 | Livestatus injection in mknotifyd | Checkmk | CWE-140 | 6.5 | Medium | 2024-07-22 |
| CVE-2024-28828 | 1-Click compromize via CSRF | Checkmk | CWE-352 | 8.8 | High | 2024-07-10 |
| CVE-2024-28827 | Privilege escalation in Windows agent | Checkmk | CWE-732 | 8.8 | High | 2024-07-10 |
| CVE-2024-6163 | local IP restriction of internal HTTP endpoints | Checkmk | CWE-290 | 5.3 | Medium | 2024-07-08 |
| CVE-2024-6052 | XSS in SQL check parameters | Checkmk | CWE-80 | 6.5 | Medium | 2024-07-03 |
| CVE-2024-38857 | Reflected links in visuals facilitate phishing attacks | Checkmk | CWE-79 | 4.3 | Medium | 2024-07-02 |
| CVE-2024-28830 | Automation user secrets written to audit log | Checkmk | CWE-532 | 2.7 | Low | 2024-06-26 |
| CVE-2024-28832 | XSS in Crash Report Page | Checkmk | CWE-80 | 4.8 | Medium | 2024-06-25 |
| CVE-2024-28831 | XSS in confirmation pop-up | Checkmk | CWE-80 | 5.4 | Medium | 2024-06-25 |
| CVE-2024-5741 | XSS in inventory view | Checkmk | CWE-80 | 6.5 | Medium | 2024-06-17 |
| CVE-2024-28833 | Missing brute-force protection for two factor authentication | Checkmk | CWE-307 | 5.9 | Medium | 2024-06-10 |
| CVE-2024-28826 | Unrestricted upload and download paths in check_sftp | Checkmk | CWE-73 | 8.8 | High | 2024-05-29 |
| CVE-2024-28825 | Brute-force protection ineffective for some login methods | Checkmk | CWE-307 | 5.9 | Medium | 2024-04-24 |
| CVE-2024-3367 | Argument injection to runmqsc | Checkmk | CWE-88 | 6.5 | Medium | 2024-04-16 |
| CVE-2024-2380 | XSS in graph rendering | Checkmk | CWE-80 | 4.6 | Medium | 2024-04-05 |
| CVE-2024-28824 | Privilege escalation in mk_informix plugin | Checkmk | CWE-272 | 8.8 | High | 2024-03-22 |
| CVE-2024-1742 | Information disclosure in mk_oracle Checkmk agent plugin | Checkmk | CWE-214 | 3.8 | Low | 2024-03-22 |

This page lists every published CVE security advisory associated with Checkmk GmbH. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.