Werk #18349: mk_sap.aix: Drop support of the agent plugin

Component Checks & agents
Title mk_sap.aix: Drop support of the agent plugin
Date Aug 12, 2025
Level Trivial Change
Class Bug Fix
Compatibility Incompatible - Manual interaction might be required
Checkmk versions & editions
2.5.0b1
Not yet released
Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.4.0p10 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.3.0p36 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

With this Werk we remove the agent plugin mk_sap.aix from all supported Checkmk versions. This affects users who are monitoring one or more services of the plugin "AIX: SAP Process List" (services starting in "SAP Process").

The agent plugin (usually executed as root) runs commands determined in a dynamic manner, and it is unclear to us whether this poses a threat.

We don't know if this is actually an exploitable vulnerability, so we decided to not assign a CVE. However we don't want to ignore this either, so we decided to remove the plugin for the following reasons:

  • We lack the domain knowledge to thoroughly assess and fix this issue
  • The plugin has not been actively maintained in over ten years. It is unclear to us if the used third party tools are still in use

The agent plugin is removed from all supported versions, while the check plugin (which is uncritical) is only removed from 2.5 onwards.

If you are using this plugin and think that it should stay a maintained part of Checkmk, please get it touch. With sufficient domain knowledge, it should be possible to rewrite this plugin to eliminate any potential risks.

To the list of all Werks