PT-2024-18267 · Oracle · Sqlplus
Published 2024-03-22 · Updated 2024-12-04 · CVE-2024-1742
CVSS v3.1: 3.8 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Checkmk versions prior to 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL)
Description
The mk_oracle Checkmk agent plugin invokes the sqlplus command with sensitive information on the command line, which allows this information to be extracted from the process list.
Recommendations
For Checkmk versions prior to 2.3.0b4 (beta), update to version 2.3.0b4 (beta) or later.
For Checkmk version 2.2.0, update to version 2.2.0p24 or later.
For Checkmk version 2.1.0, update to version 2.1.0p41 or later.
For Checkmk version 2.0.0, this version is end-of-life, and it is recommended to upgrade to a newer version.
As a temporary workaround, consider avoiding the use of sensitive information in the command line for the sqlplus command in the mk_oracle Checkmk agent plugin until a patch is available.
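To check whether a host still shows the exposure described above, the following added example (not Checkmk or Oracle code) flags sqlplus processes whose arguments carry a `username/password[@connect_identifier]` logon string and redacts the password in its output. The sample process list, account names and paths are constructed, and the `/proc` reader assumes Linux.

```python
import os
import re

# SQL*Plus logon argument: username/password[@connect_identifier]
LOGON = re.compile(r"^(?P<user>[^/@\s]+)/(?P<pw>[^@\s]+)(?P<rest>@\S+)?$")

def exposed_logons(processes):
    """Return (pid, redacted argv) for sqlplus processes with an inline password.

    processes: iterable of (pid, argv) pairs, argv being a list of strings.
    """
    findings = []
    for pid, argv in processes:
        if not argv or os.path.basename(argv[0]) != "sqlplus":
            continue
        redacted, hit = [], False
        for arg in argv[1:]:
            m = LOGON.match(arg)
            if m:
                hit = True
                arg = f"{m['user']}/********{m['rest'] or ''}"
            redacted.append(arg)
        if hit:
            findings.append((pid, [argv[0]] + redacted))
    return findings

def linux_processes():
    """Yield (pid, argv) from /proc/<pid>/cmdline (Linux only)."""
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/cmdline", "rb") as fh:
                raw = fh.read()
        except OSError:
            continue  # process exited or access denied
        if raw:
            yield int(entry), raw.rstrip(b"\0").decode(errors="replace").split("\0")

# Constructed sample process list (not taken from a real host).
SAMPLE = [
    (4101, ["/u01/app/oracle/bin/sqlplus", "-S", "checkmk/ExamplePw1@ORCL"]),
    (4102, ["sqlplus", "-S", "/nolog"]),      # no logon on the command line
    (4103, ["sqlplus", "/", "as", "sysdba"]),  # OS authentication, no password
    (4104, ["bash", "-c", "echo monitor/ExamplePw1@ORCL"]),  # not sqlplus
]

if __name__ == "__main__":
    for pid, argv in exposed_logons(SAMPLE):
        print(pid, " ".join(argv))
```

On a live Linux host, pass `linux_processes()` instead of `SAMPLE`; a finding after the update means some wrapper or custom script still passes credentials in argv.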
Affected Products
Sqlplus