SBA Research’s Post

🔥 Critical Security Alert: Checkmk XSS (CVE-2025-39663)

A Stored Cross-Site Scripting (XSS) vulnerability affects Checkmk versions before 2.4.0p14 and 2.3.0p39. In distributed setups, any connected remote site could inject malicious JavaScript into the central web interface.

CVSS Base Score: 9.1 (Critical)

Action:
1️⃣ Update to 2.4.0p14, 2.3.0p39 or later
2️⃣ Disable “Trust this site completely” for remote sites

Full details: https://lnkd.in/d78PemTu

***

⚠️ Checkmk Agent Privilege Escalation (CVE-2025-32919)

A Privilege Escalation vulnerability in the win_license plugin of Checkmk agents for Windows allows low-privileged users to gain Local System access due to insecure temporary file handling.

CVSS Base Score: 8.8 (High)

Full details: https://lnkd.in/gBhzkXu8

***

⚠️ Checkmk Path Traversal (CVE-2025-39664)

Full details: https://lnkd.in/gUf-X2mY

***

🔐 Don’t wait – patch now!

CVE Program #CyberSecurity #Checkmk #CVE #VulnerabilityAlert #PatchNow #SBASecurityAdvisory #ProfessionalServices
