- CVEs with nessus.description==The version of Check_MK running on the remote web server is 1.2.4 prior to 1.2.4p4 or 1.2.5 prior to 1.2.5i4. It is, therefore, affected by multiple vulnerabilities :
- Multiple cross-site script (XSS) vulnerabilities exist in the multisite component, specifically within the render_status_icons() function in file htmllib.py and the ajax_action() function in file actions.py, due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit these, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2014-5338)
- A flaw exists related to row selections that allows an authenticated, remote attacker to write Check_MK configuration (.mk) files to arbitrary locations. (CVE-2014-5339)
- A flaw exists in the wato component due to using the insecure Python pickle API calls. An unauthenticated, remote attacker can exploit this, via a specially crafted serialized object, to execute arbitrary code. (CVE-2014-5340)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |