← back
CVE-2024-47092

Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api

CVSS 7.7 HIGHEPSS 0.3%CWE-502
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.7EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
03 Mar 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api prior to 5.8.1
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
check-mk-api

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://exchange.checkmk.com/p/check-mk-apihttps://github.com/HeinleinSupport/check_mk_extensions/commit/b5a2a7529e3367d7a643e66f05da4f2a27013904