CVE-2024-3367

{"id": "CVE-2024-3367", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@checkmk.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.0}]}, "published": "2024-04-16T12:15:10.463", "references": [{"url": "https://checkmk.com/werk/16615", "source": "security@checkmk.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@checkmk.com", "description": [{"lang": "en", "value": "CWE-349"}]}], "descriptions": [{"lang": "en", "value": "Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc"}, {"lang": "es", "value": "La inyecci\u00f3n de argumentos en el complemento del agente websphere_mq en Checkmk 2.0.0, 2.1.0, &lt;2.2.0p25 y &lt;2.3.0b5 permite a un atacante local inyectar un argumento para ejecutar mqsc"}], "lastModified": "2024-04-24T12:15:07.093", "sourceIdentifier": "security@checkmk.com"}