Home » Checkmk: A brand new safety gap! The vulnerability permits info disclosure and file manipulation

Checkmk: A brand new safety gap! The vulnerability permits info disclosure and file manipulation

by admin
Checkmk: A brand new safety gap!  The vulnerability permits info disclosure and file manipulation

As BSI now stories, a Checkmk vulnerability has been recognized. You can examine which working programs and merchandise are affected by the safety hole right here at information.de.

Federal Office for Security in Information Technology (BSI) issued a safety advisory for Checkmk on May 28, 2024. The UNIX working system and the Checkmk Checkmk product are affected by a safety vulnerability.

The newest producer suggestions for updates, workarounds and safety patches for this vulnerability may be discovered right here: CheckMK Werk #15200 – Limit check_sftp native strategies (Stop: 28.05.2024).

Checkmk safety discover – danger: excessive

Risk degree: 3 (excessive)
CVSS Base Score: 8.8
CVSS provisional rating: 7,7
Remote management: Ja

The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of laptop programs. The CVSS customary makes it attainable to match potential or precise safety dangers based mostly on numerous metrics to create a precedence listing for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. Temporal scores additionally consider adjustments over time within the danger state of affairs. The danger of the vulnerability talked about right here is classed as “excessive” in keeping with the CVSS with a base rating of 8.8.

Checkmk bug: Vulnerability permits info disclosure and file modification

Checkmk is an IT monitoring software program.

A distant, approved attacker might exploit a vulnerability in Checkmk to reveal info and modify information.

See also  CSSC plans to increase capital to purchase the company's stock to resume trading on January 13_New Energy_Equity_Restructuring

Vulnerabilities are recognized by a CVE (Common Vulnerabilities and Exposures) ID quantity. CVE-2024-28826 on the market.

Systems affected by the Checkmk safety vulnerability at a look

working system

Checkmk Checkmk Checkmk Checkmk Checkmk Checkmk Checkmk

General steps for coping with IT vulnerabilities

  1. Users of the affected apps ought to keep up-to-date. When safety holes are recognized, producers are required to repair them rapidly by growing a patch or workaround. If safety patches can be found, set up them instantly.
  2. For info, see the sources listed within the subsequent part. This typically incorporates extra details about the newest model of the software program in query and the supply of safety patches or efficiency ideas.
  3. If you might have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to frequently test the desired sources to see if a brand new safety replace is on the market.

Sources for updates, patches and workarounds

Here you will see some hyperlinks with details about bug stories, safety fixes and workarounds.

CheckMK Werk #15200 – Limit check_sftp native paths vom 2024-05-28 (28.05.2024)
For extra info, see:

Version historical past of this safety alert

This is the primary model of this Checkmk IT safety discover. If updates are introduced, this doc will likely be up to date. You can see the adjustments made utilizing the model historical past under.

May 28, 2024 – First model

+++ Editorial word: This doc relies on present BSI information and will likely be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++

See also  The final content update for Rogue Legacy 2 is here

comply with News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here you will see sizzling information, present movies and a direct line to the editorial workforce.


You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy