Werk #18349: mk_sap.aix: Drop support of the agent plugin
Component | Checks & agents | ||||||
Title | mk_sap.aix: Drop support of the agent plugin | ||||||
Date | Aug 12, 2025 | ||||||
Level | Trivial Change | ||||||
Class | Bug Fix | ||||||
Compatibility | Incompatible - Manual interaction might be required | ||||||
Checkmk versions & editions |
|
With this Werk we remove the agent plugin mk_sap.aix
from all supported Checkmk versions.
This affects users who are monitoring one or more services of the plugin "AIX: SAP Process List" (services starting in "SAP Process").
The agent plugin (usually executed as root) runs commands determined in a dynamic manner, and it is unclear to us whether this poses a threat.
We don't know if this is actually an exploitable vulnerability, so we decided to not assign a CVE. However we don't want to ignore this either, so we decided to remove the plugin for the following reasons:
- We lack the domain knowledge to thoroughly assess and fix this issue
- The plugin has not been actively maintained in over ten years. It is unclear to us if the used third party tools are still in use
The agent plugin is removed from all supported versions, while the check plugin (which is uncritical) is only removed from 2.5 onwards.
If you are using this plugin and think that it should stay a maintained part of Checkmk, please get it touch. With sufficient domain knowledge, it should be possible to rewrite this plugin to eliminate any potential risks.