PT-2015-3707 · Mathias Kettner · Checkmk
Published: 2015-08-31 · Updated: 2015-09-01 · CVE-2014-2332
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Check MK versions prior to 1.2.2p3
Check MK versions 1.2.3x prior to 1.2.3i5
Description
The issue allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." This can be exploited by remote attackers.
Recommendations
For versions prior to 1.2.2p3, update to version 1.2.2p3 or later.
For versions 1.2.3x prior to 1.2.3i5, update to version 1.2.3i5 or later.
Fix
RCE
Affected Products
Checkmk