PT-2015-3704 · Mathias Kettner · Checkmk
Publicado
2015-08-31
·
Atualizado
2015-09-01
·
CVE-2014-2329
CVSS v2.0
3.5
Baixa
| Vetor | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Check MK versions prior to 1.2.2p3
Check MK versions 1.2.3x prior to 1.2.3i5
Description
The issue allows remote authenticated users to inject arbitrary web script or HTML via the
agent string for a check mk agent or a crafted request to a monitored host, which is not properly handled by the logwatch module.Recommendations
For Check MK versions prior to 1.2.2p3, update to version 1.2.2p3 or later.
For Check MK versions 1.2.3x prior to 1.2.3i5, update to version 1.2.3i5 or later.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Checkmk