CVE-2014-2332

Published: Aug 31, 2015Modified: May 6, 2026

5.5

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:P

Exploitability: 8.0 / Impact: 4.9

Source: NVD

Description

Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.

Affected (2)

Products: Check Mk Project: Check Mk

Check Mk Project

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Check Mk Project Check Mk	Up to 1.2.2
Check Mk Project Check Mk	Up to 1.2.3

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://www.securityfocus.com/archive/1/531594

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/531656

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/531594

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/531656

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.