Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2021-40905
HistoryMar 25, 2022 - 10:20 p.m.

CVE-2021-40905

2022-03-2522:20:01
mitre
www.cve.org
4
cve-2021-40905
checkmk enterprise
web management
remote code execution
.mkp" files
access control
administrator role

AI Score

9.2

Confidence

High

EPSS

0.006

Percentile

78.1%

JSON

The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of “.mkp” files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session of a user with administrator role. NOTE: the vendor states that this is the intended behavior: admins are supposed to be able to execute code in this manner

Related

prion 1
nvd 1
vulnrichment 1
openvas 1
githubexploit 1
cve 1
prion
prion
Remote code execution
2022-03-25 23:15:00
nvd
nvd
CVE-2021-40905
2022-03-25 23:15:08
vulnrichment
vulnrichment
CVE-2021-40905
2022-03-25 22:20:01
openvas
openvas
Checkmk 1.5.x <= 2.0.0p17 RCE Vulnerability
2022-03-29 00:00:00
githubexploit
githubexploit
Exploit for Unrestricted Upload of File with Dangerous Type in Tribe29 Checkmk
2021-10-12 09:36:56
cve
cve
CVE-2021-40905
2022-03-25 23:15:08

AI Score

9.2

Confidence

High

EPSS

0.006

Percentile

78.1%

JSON
Related for CVELIST:CVE-2021-40905
prion1nvd1vulnrichment1openvas1githubexploit1cve1