Arbitrary Command Execution in Tribe29 Checkmk SMS Notifications

Arbitrary Command Execution in Tribe29 Checkmk SMS Notifications

CVE-2022-46303 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local permissions.

Learn more about our Cis Benchmark Audit For Apple Ios.