Search criteria
112 vulnerabilities
CVE-2026-48136 (GCVE-0-2026-48136)
Vulnerability from cvelistv5 – Published: 2026-05-26 12:57 – Updated: 2026-05-26 14:16
VLAI
Title
Authenticated Administrator Role-Based Access Control Bypass in Compliance
Summary
When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permissions, bypassing Role-Based Access Control (RBAC).
Severity
4.1 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | Quantum Security Management |
Affected:
R82.10 with Jumbo Hotfix Take 6 or below
Affected: R82 with Jumbo Hotfix Take 91 or below Affected: R81.20 with Jumbo Hotfix Take 127 or below Affected: All releases from R81.10 and below |
{
"containers": {
"cna": {
"affected": [
{
"product": "Quantum Security Management",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "R82.10 with Jumbo Hotfix Take 6 or below"
},
{
"status": "affected",
"version": "R82 with Jumbo Hotfix Take 91 or below"
},
{
"status": "affected",
"version": "R81.20 with Jumbo Hotfix Take 127 or below"
},
{
"status": "affected",
"version": "All releases from R81.10 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permissions, bypassing Role-Based Access Control (RBAC)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T14:16:34.470Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk184992"
}
],
"title": "Authenticated Administrator Role-Based Access Control Bypass in Compliance"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2026-48136",
"datePublished": "2026-05-26T12:57:29.298Z",
"dateReserved": "2026-05-20T19:29:00.635Z",
"dateUpdated": "2026-05-26T14:16:34.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48135 (GCVE-0-2026-48135)
Vulnerability from cvelistv5 – Published: 2026-05-26 12:57 – Updated: 2026-05-27 18:36
VLAI
Title
HTTP service can incorrectly process malformed HTTP requests
Summary
A Check Point HTTP-based service can incorrectly handle malformed HTTP requests.
The issue is related to HTTP request parsing and validation.
Severity
5.3 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | Quantum Security Gateway |
Affected:
R82.10 with Jumbo Hotfix Take 6 or below
Affected: R82 with Jumbo Hotfix Take 91 or below Affected: R81.20 with Jumbo Hotfix Take 127 or below Affected: All releases from R81.10 and below |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T14:48:38.051261Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T18:36:10.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Quantum Security Gateway",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "R82.10 with Jumbo Hotfix Take 6 or below"
},
{
"status": "affected",
"version": "R82 with Jumbo Hotfix Take 91 or below"
},
{
"status": "affected",
"version": "R81.20 with Jumbo Hotfix Take 127 or below"
},
{
"status": "affected",
"version": "All releases from R81.10 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Check Point HTTP-based service can incorrectly handle malformed HTTP requests.\nThe issue is related to HTTP request parsing and validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T14:16:28.067Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk184991"
}
],
"title": "HTTP service can incorrectly process malformed HTTP requests"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2026-48135",
"datePublished": "2026-05-26T12:57:19.074Z",
"dateReserved": "2026-05-20T19:29:00.635Z",
"dateUpdated": "2026-05-27T18:36:10.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48134 (GCVE-0-2026-48134)
Vulnerability from cvelistv5 – Published: 2026-05-26 12:57 – Updated: 2026-05-26 14:16
VLAI
Title
SQL injection issue in UserCheck Portal when DLP Software Blade is active
Summary
When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to disruptions such as loss of stored incident entries, incorrect handling of pending approvals, or resource impact if the issue is abused repeatedly.
Exposure is reduced if the UserCheck Portal is not accessible from untrusted networks.
Severity
5.6 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | Quantum Security Gateway |
Affected:
R82.10 with Jumbo Hotfix Take 6 or below
Affected: R82 with Jumbo Hotfix Take 91 or below Affected: R81.20 with Jumbo Hotfix Take 127 or below Affected: All releases from R81.10 and below |
{
"containers": {
"cna": {
"affected": [
{
"product": "Quantum Security Gateway",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "R82.10 with Jumbo Hotfix Take 6 or below"
},
{
"status": "affected",
"version": "R82 with Jumbo Hotfix Take 91 or below"
},
{
"status": "affected",
"version": "R81.20 with Jumbo Hotfix Take 127 or below"
},
{
"status": "affected",
"version": "All releases from R81.10 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway\u0027s stored DLP/UserCheck incident information. This could lead to disruptions such as loss of stored incident entries, incorrect handling of pending approvals, or resource impact if the issue is abused repeatedly.\nExposure is reduced if the UserCheck Portal is not accessible from untrusted networks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T14:16:21.332Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk184983"
}
],
"title": "SQL injection issue in UserCheck Portal when DLP Software Blade is active"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2026-48134",
"datePublished": "2026-05-26T12:57:07.767Z",
"dateReserved": "2026-05-20T19:29:00.635Z",
"dateUpdated": "2026-05-26T14:16:21.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48133 (GCVE-0-2026-48133)
Vulnerability from cvelistv5 – Published: 2026-05-26 12:56 – Updated: 2026-05-26 14:16
VLAI
Title
Identity Awareness Captive Portal - Unauthenticated Local File Inclusion
Summary
When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway.
Severity
7.5 (High)
CWE
- CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | Quantum Security Gateway |
Affected:
R82.10 with Jumbo Hotfix Take 6 or below
Affected: R82 with Jumbo Hotfix Take 91 or below Affected: R81.20 with Jumbo Hotfix Take 127 or below Affected: All releases from R81.10 and below |
{
"containers": {
"cna": {
"affected": [
{
"product": "Quantum Security Gateway",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "R82.10 with Jumbo Hotfix Take 6 or below"
},
{
"status": "affected",
"version": "R82 with Jumbo Hotfix Take 91 or below"
},
{
"status": "affected",
"version": "R81.20 with Jumbo Hotfix Take 127 or below"
},
{
"status": "affected",
"version": "All releases from R81.10 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T14:16:14.984Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk184993"
}
],
"title": "Identity Awareness Captive Portal - Unauthenticated Local File Inclusion"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2026-48133",
"datePublished": "2026-05-26T12:56:56.250Z",
"dateReserved": "2026-05-20T19:29:00.635Z",
"dateUpdated": "2026-05-26T14:16:14.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48132 (GCVE-0-2026-48132)
Vulnerability from cvelistv5 – Published: 2026-05-26 12:56 – Updated: 2026-05-26 14:16
VLAI
Title
VPN service may restart unexpectedly when processing IKE traffic over NAT-T 4500/UDP
Summary
The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service (temporary interruption of VPN negotiations/traffic).
Severity
8.1 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | Quantum Security Gateway |
Affected:
R82.10 with Jumbo Hotfix Take 6 or below
Affected: R82 with Jumbo Hotfix Take 91 or below Affected: R81.20 with Jumbo Hotfix Take 127 or below Affected: All releases from R81.10 and below |
{
"containers": {
"cna": {
"affected": [
{
"product": "Quantum Security Gateway",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "R82.10 with Jumbo Hotfix Take 6 or below"
},
{
"status": "affected",
"version": "R82 with Jumbo Hotfix Take 91 or below"
},
{
"status": "affected",
"version": "R81.20 with Jumbo Hotfix Take 127 or below"
},
{
"status": "affected",
"version": "All releases from R81.10 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service (temporary interruption of VPN negotiations/traffic)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T14:16:07.343Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk184982"
}
],
"title": "VPN service may restart unexpectedly when processing IKE traffic over NAT-T 4500/UDP"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2026-48132",
"datePublished": "2026-05-26T12:56:47.693Z",
"dateReserved": "2026-05-20T19:29:00.635Z",
"dateUpdated": "2026-05-26T14:16:07.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48131 (GCVE-0-2026-48131)
Vulnerability from cvelistv5 – Published: 2026-05-26 12:56 – Updated: 2026-05-26 15:18
VLAI
Title
VPND IKE Fragment Reassembly - Heap Out-of-Bounds Write via Sequence Number Zero
Summary
The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service (temporary disruption of VPN-related functionality).
Severity
8.1 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | Quantum Security Gateway |
Affected:
R82.10 with Jumbo Hotfix Take 6 or below
Affected: R82 with Jumbo Hotfix Take 91 or below Affected: R81.20 with Jumbo Hotfix Take 127 or below Affected: All releases from R81.10 and below |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48131",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T15:12:47.698813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T15:18:43.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Quantum Security Gateway",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "R82.10 with Jumbo Hotfix Take 6 or below"
},
{
"status": "affected",
"version": "R82 with Jumbo Hotfix Take 91 or below"
},
{
"status": "affected",
"version": "R81.20 with Jumbo Hotfix Take 127 or below"
},
{
"status": "affected",
"version": "All releases from R81.10 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service (temporary disruption of VPN-related functionality)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T14:15:50.325Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk184981"
}
],
"title": "VPND IKE Fragment Reassembly - Heap Out-of-Bounds Write via Sequence Number Zero"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2026-48131",
"datePublished": "2026-05-26T12:56:08.817Z",
"dateReserved": "2026-05-20T19:29:00.635Z",
"dateUpdated": "2026-05-26T15:18:43.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3502 (GCVE-0-2026-3502)
Vulnerability from cvelistv5 – Published: 2026-03-30 18:05 – Updated: 2026-04-03 03:55
VLAI
CISA KEV
Title
TrueConf Client Update Integrity Verification Bypass
Summary
TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.
Severity
7.8 (High)
CWE
- CWE-494 - Download of Code Without Integrity Check.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TrueConf | TrueConf Client |
Affected:
TrueConf Client versions 8.1.0 through 8.5.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3502",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-04-02",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3502"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T03:55:23.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://research.checkpoint.com/2026/operation-truechaos-0-day-exploitation-against-southeast-asian-government-targets/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3502"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-02T00:00:00.000Z",
"value": "CVE-2026-3502 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TrueConf Client",
"vendor": "TrueConf",
"versions": [
{
"status": "affected",
"version": "TrueConf Client versions 8.1.0 through 8.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494: Download of Code Without Integrity Check.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T18:05:42.806Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://trueconf.com/blog/update/trueconf-8-5"
}
],
"title": "TrueConf Client Update Integrity Verification Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2026-3502",
"datePublished": "2026-03-30T18:05:42.806Z",
"dateReserved": "2026-03-03T21:18:35.221Z",
"dateUpdated": "2026-04-03T03:55:23.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9142 (GCVE-0-2025-9142)
Vulnerability from cvelistv5 – Published: 2026-01-14 14:30 – Updated: 2026-01-14 14:50
VLAI
Title
Local privilege escalation in Harmony SASE Windows Agent
Summary
A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory.
Severity
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | Hramony SASE |
Affected:
Check Point Harmony SASE Windows Agent versions prior to 12.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9142",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T14:49:40.165312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T14:50:03.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hramony SASE",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Check Point Harmony SASE Windows Agent versions prior to 12.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027).",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T14:30:48.630Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk184557"
}
],
"title": "Local privilege escalation in Harmony SASE Windows Agent"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2025-9142",
"datePublished": "2026-01-14T14:30:48.630Z",
"dateReserved": "2025-08-19T07:06:49.638Z",
"dateUpdated": "2026-01-14T14:50:03.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8305 (GCVE-0-2025-8305)
Vulnerability from cvelistv5 – Published: 2025-12-22 07:58 – Updated: 2025-12-22 13:55
VLAI
Title
Information Disclosure in Identity Agent Debug Files
Summary
An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being printed in plaintext in Identity Agent for Terminal Services debug files.
Severity
6.5 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | Identity Awareness |
Affected:
Check Point Identity Agent Multi User Host Agent under version 81.084.0000
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8305",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-22T13:55:20.829952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T13:55:37.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Identity Awareness",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Check Point Identity Agent Multi User Host Agent under version 81.084.0000"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being printed in plaintext in Identity Agent for Terminal Services debug files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T07:58:06.768Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk184264"
}
],
"title": "Information Disclosure in Identity Agent Debug Files"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2025-8305",
"datePublished": "2025-12-22T07:58:06.768Z",
"dateReserved": "2025-07-29T10:29:12.712Z",
"dateUpdated": "2025-12-22T13:55:37.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8304 (GCVE-0-2025-8304)
Vulnerability from cvelistv5 – Published: 2025-12-22 07:57 – Updated: 2025-12-22 17:05
VLAI
Title
Information Disclosure in Identity Agent Registry Keys
Summary
An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server.
Severity
6.5 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | Identity Agent |
Affected:
Check Point Identity Agent Multi User Host Agent under version 81.084.0000
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8304",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-22T17:05:23.947183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T17:05:37.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Identity Agent",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Check Point Identity Agent Multi User Host Agent under version 81.084.0000"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T07:57:50.103Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk184263"
}
],
"title": "Information Disclosure in Identity Agent Registry Keys"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2025-8304",
"datePublished": "2025-12-22T07:57:50.103Z",
"dateReserved": "2025-07-29T10:29:06.543Z",
"dateUpdated": "2025-12-22T17:05:37.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3831 (GCVE-0-2025-3831)
Vulnerability from cvelistv5 – Published: 2025-08-12 14:48 – Updated: 2025-08-12 15:02
VLAI
Title
Exposed SFTP server
Summary
Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties.
Severity
8.1 (High)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | Check Point Harmony SASE |
Affected:
Other
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3831",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T15:01:45.427366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:02:44.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Check Point Harmony SASE",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Other"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor.",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T14:48:26.195Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk183761"
}
],
"title": "Exposed SFTP server"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2025-3831",
"datePublished": "2025-08-12T14:48:26.195Z",
"dateReserved": "2025-04-20T09:55:50.263Z",
"dateUpdated": "2025-08-12T15:02:44.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52885 (GCVE-0-2024-52885)
Vulnerability from cvelistv5 – Published: 2025-08-06 14:45 – Updated: 2025-08-06 15:03
VLAI
Title
Path Traversal
Summary
The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway.
Severity
5 (Medium)
CWE
- CWE-35 - Path Traversal
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | Check Point Mobile Access |
Affected:
Check Point Mobile Access versions R81.10, R81.20, R82
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52885",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T15:02:46.396665Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T15:03:53.437Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Check Point Mobile Access",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Check Point Mobile Access versions R81.10, R81.20, R82"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mobile Access Portal\u0027s File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of \u0027nobody\u0027-accessible directories on the Mobile Access gateway."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35: Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T14:45:43.182Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk183137"
}
],
"title": "Path Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2024-52885",
"datePublished": "2025-08-06T14:45:43.182Z",
"dateReserved": "2024-11-17T08:00:07.201Z",
"dateUpdated": "2025-08-06T15:03:53.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2028 (GCVE-0-2025-2028)
Vulnerability from cvelistv5 – Published: 2025-08-06 14:44 – Updated: 2025-08-06 15:05
VLAI
Title
Lack of TLS validation
Summary
Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs
Severity
6.5 (Medium)
CWE
- CWE-295 - Improper Certificate Validation.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | Check Point Management Log Server |
Affected:
versions R81.10, R81.20, R82
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2028",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T15:05:10.377561Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T15:05:22.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Check Point Management Log Server",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "versions R81.10, R81.20, R82"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T14:44:31.807Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk183349"
}
],
"title": "Lack of TLS validation"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2025-2028",
"datePublished": "2025-08-06T14:44:31.807Z",
"dateReserved": "2025-03-06T08:12:54.608Z",
"dateUpdated": "2025-08-06T15:05:22.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24915 (GCVE-0-2024-24915)
Vulnerability from cvelistv5 – Published: 2025-06-29 12:02 – Updated: 2025-06-30 13:32
VLAI
Title
SmartConsole Sensitive Credential Exposure via Memory Dump
Summary
Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them.
Severity
6.1 (Medium)
CWE
- CWE-316 - The product stores sensitive information in cleartext in memory.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | Check Point SmartConsole |
Affected:
Check Point SmartConsole versions R81.10, R81.20, R82
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T13:14:08.984786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T13:32:15.417Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Check Point SmartConsole",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Check Point SmartConsole versions R81.10, R81.20, R82"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-316",
"description": "The product stores sensitive information in cleartext in memory.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-29T12:02:41.126Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk183545"
}
],
"title": "SmartConsole Sensitive Credential Exposure via Memory Dump"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2024-24915",
"datePublished": "2025-06-29T12:02:41.126Z",
"dateReserved": "2024-02-01T15:19:26.278Z",
"dateUpdated": "2025-06-30T13:32:15.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24916 (GCVE-0-2024-24916)
Vulnerability from cvelistv5 – Published: 2025-06-19 13:17 – Updated: 2025-06-20 13:11
VLAI
Title
DLL-HiJacking
Summary
Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin).
Severity
6.5 (Medium)
CWE
- CWE-427 - The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | Check Point SmartConsole |
Affected:
Check Point SmartConsole versions R81.10, R81.20
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24916",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-20T13:06:34.598794Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T13:11:11.641Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Check Point SmartConsole",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Check Point SmartConsole versions R81.10, R81.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted DLLs in the installer\u0027s directory may be loaded and executed, leading to potentially arbitrary code execution with the installer\u0027s privileges (admin)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T13:17:39.651Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk183342"
}
],
"title": "DLL-HiJacking"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2024-24916",
"datePublished": "2025-06-19T13:17:39.651Z",
"dateReserved": "2024-02-01T15:19:26.278Z",
"dateUpdated": "2025-06-20T13:11:11.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52888 (GCVE-0-2024-52888)
Vulnerability from cvelistv5 – Published: 2025-04-27 07:46 – Updated: 2025-04-28 16:31
VLAI
Title
Stored-XSS
Summary
For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties.
Severity
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | Check Point Mobile Access |
Affected:
Check Point Mobile Access versions R81.10, R81.20, R82
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52888",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T15:48:42.433559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:31:15.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Check Point Mobile Access",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Check Point Mobile Access versions R81.10, R81.20, R82"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "For an authenticated end-user the portal may run a script while attempting to display a directory or some file\u0027s properties."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027).",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T07:46:53.542Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk183055"
}
],
"title": "Stored-XSS"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2024-52888",
"datePublished": "2025-04-27T07:46:53.542Z",
"dateReserved": "2024-11-17T08:00:07.201Z",
"dateUpdated": "2025-04-28T16:31:15.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52887 (GCVE-0-2024-52887)
Vulnerability from cvelistv5 – Published: 2025-04-27 07:46 – Updated: 2025-04-28 16:31
VLAI
Title
Self-XSS
Summary
Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list.
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | Check Point Mobile Access |
Affected:
Check Point Mobile Access versions R81.10, R81.20, R82
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52887",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T15:49:03.217887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:31:21.597Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Check Point Mobile Access",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Check Point Mobile Access versions R81.10, R81.20, R82"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027).",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T07:46:23.027Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk183054"
}
],
"title": "Self-XSS"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2024-52887",
"datePublished": "2025-04-27T07:46:23.027Z",
"dateReserved": "2024-11-17T08:00:07.201Z",
"dateUpdated": "2025-04-28T16:31:21.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24911 (GCVE-0-2024-24911)
Vulnerability from cvelistv5 – Published: 2025-02-06 13:46 – Updated: 2025-02-06 14:11
VLAI
Title
Out of Bounds read in the CPCA process on Check Point Management Server
Summary
In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway's CRL cache.
Severity
5.3 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | Multi-Domain Security Management, Quantum Security Management |
Affected:
Quantum Security Management R81 (EOS), R81.10, R81.20
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24911",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T14:11:40.331277Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T14:11:48.901Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Multi-Domain Security Management, Quantum Security Management",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Quantum Security Management R81 (EOS), R81.10, R81.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway\u0027s CRL cache."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T13:46:11.824Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk183101"
}
],
"title": "Out of Bounds read in the CPCA process on Check Point Management Server"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2024-24911",
"datePublished": "2025-02-06T13:46:11.824Z",
"dateReserved": "2024-02-01T15:19:26.278Z",
"dateUpdated": "2025-02-06T14:11:48.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24914 (GCVE-0-2024-24914)
Vulnerability from cvelistv5 – Published: 2024-11-07 11:25 – Updated: 2024-11-07 17:33
VLAI
Summary
Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available.
Severity
CWE
- CWE-914 - Improper Control of Dynamically-Identified Variables
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | ClusterXL, Multi-Domain Security Management, Quantum Appliances, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Security Management |
Affected:
Check Point Quantum Gateways versions R81, R81.10, R81.20
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:checkpoint:clusterxl:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clusterxl",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:multi-domain_management:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "multi-domain_management",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:quantum_appliances:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quantum_appliances",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:quantum_maestro:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quantum_maestro",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:quantum_scalable_chassis:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quantum_scalable_chassis",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:quantum_security_gateway:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quantum_security_gateway",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:quantum_security_management:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quantum_security_management",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24914",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T16:56:57.795526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T17:33:31.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ClusterXL, Multi-Domain Security Management, Quantum Appliances, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Security Management",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Check Point Quantum Gateways versions R81, R81.10, R81.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-914",
"description": "CWE-914: Improper Control of Dynamically-Identified Variables",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T11:25:53.238Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk182743"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2024-24914",
"datePublished": "2024-11-07T11:25:53.238Z",
"dateReserved": "2024-02-01T15:19:26.278Z",
"dateUpdated": "2024-11-07T17:33:31.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24919 (GCVE-0-2024-24919)
Vulnerability from cvelistv5 – Published: 2024-05-28 18:22 – Updated: 2025-10-21 23:05
VLAI
CISA KEV
Title
Information disclosure
Summary
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
Severity
8.6 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | Check Point Quantum Gateway, Spark Gateway and CloudGuard Network |
Affected:
Check Point Quantum Gateway and CloudGuard Network versions R81.20, R81.10, R81, R80.40 and Check Point Spark versions R81.10, R80.20.
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "quantum_security_gateway_firmware",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "quantum_security_gateway_firmware",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "quantum_security_gateway_firmware",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "quantum_security_gateway_firmware",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:cloudguard_network:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloudguard_network",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:cloudguard_network:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloudguard_network",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:cloudguard_network:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloudguard_network",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:cloudguard_network:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloudguard_network",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:quantum_spark_appliances:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quantum_spark_appliances",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:quantum_spark_appliances:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quantum_spark_appliances",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:quantum_spark_appliances:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quantum_spark_appliances",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:quantum_spark_appliances:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quantum_spark_appliances",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24919",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T04:00:11.841700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-05-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-24919"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:17.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.mnemonic.io/resources/blog/advisory-check-point-remote-access-vpn-vulnerability-cve-2024-24919/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-24919"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-30T00:00:00.000Z",
"value": "CVE-2024-24919 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:20.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.checkpoint.com/results/sk/sk182336"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Check Point Quantum Gateway, Spark Gateway and CloudGuard Network",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Check Point Quantum Gateway and CloudGuard Network versions R81.20, R81.10, R81, R80.40 and Check Point Spark versions R81.10, R80.20."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T12:40:21.757Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk182336"
}
],
"title": "Information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2024-24919",
"datePublished": "2024-05-28T18:22:19.401Z",
"dateReserved": "2024-02-01T15:19:26.279Z",
"dateUpdated": "2025-10-21T23:05:17.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24912 (GCVE-0-2024-24912)
Vulnerability from cvelistv5 – Published: 2024-05-01 13:22 – Updated: 2024-08-01 23:36
VLAI
Title
Local privilege escalation in Harmony Endpoint Security Client for Windows via crafted DLL file
Summary
A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system.
Severity
6.7 (Medium)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | Harmony Endpoint Security Client for Windows |
Affected:
Harmony Endpoint Security Client for Windows versions E88.10 and below
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:checkpoint:harmony_endpoint:e83:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "harmony_endpoint",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "e88.10"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-24912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T17:15:29.343054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:34.409Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:20.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.checkpoint.com/results/sk/sk182244"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Harmony Endpoint Security Client for Windows",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Harmony Endpoint Security Client for Windows versions E88.10 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kolja Grassmann (Cirosec GmbH)"
},
{
"lang": "en",
"type": "finder",
"value": "Alain R\u00f6del (Neodyme)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T13:22:48.486Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk182244"
}
],
"title": "Local privilege escalation in Harmony Endpoint Security Client for Windows via crafted DLL file"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2024-24912",
"datePublished": "2024-05-01T13:22:48.486Z",
"dateReserved": "2024-02-01T15:19:26.278Z",
"dateUpdated": "2024-08-01T23:36:20.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24910 (GCVE-0-2024-24910)
Vulnerability from cvelistv5 – Published: 2024-04-18 17:35 – Updated: 2025-09-29 12:30
VLAI
Title
LocalprivilegeescalationinCheckPointZoneAlarmExtremeSecurityNextGen,IdentityAgentforWindows,andIdentityAgentforWindowsTerminalServerviacraftedDLLfile
Summary
A local attacker can erscalate privileges on affected Check Point ZoneAlarm ExtremeSecurity NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system.
Severity
7.3 (High)
CWE
- CWE-732 - IncorrectPermissionAssignmentforCriticalResource
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | ZoneAlarmExtremeSecurityNextGen,IdentityAgentforWindows,IdentityAgentforWindowsTerminalServer |
Affected:
ZoneAlarmExtremeSecurityNextGen-versionslowerthan4.2.7,IdentityAgentforWindows-versionslowerthanR81.070.0000,IdentityAgentforWindowsTerminalServer-versionslowerthanR81.070.0000
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:checkpoint:identity_agent:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "identity_agent",
"vendor": "checkpoint",
"versions": [
{
"lessThan": "R81.070.0000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:zonealarm_extreme_security:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zonealarm_extreme_security",
"vendor": "checkpoint",
"versions": [
{
"lessThan": "4.2.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-24910",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-25T19:46:15.022279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:02.280Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:20.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.checkpoint.com/results/sk/sk182219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZoneAlarmExtremeSecurityNextGen,IdentityAgentforWindows,IdentityAgentforWindowsTerminalServer",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "ZoneAlarmExtremeSecurityNextGen-versionslowerthan4.2.7,IdentityAgentforWindows-versionslowerthanR81.070.0000,IdentityAgentforWindowsTerminalServer-versionslowerthanR81.070.0000"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local attacker can erscalate privileges on affected Check Point ZoneAlarm ExtremeSecurity NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732:IncorrectPermissionAssignmentforCriticalResource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T12:30:45.141Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk182219"
}
],
"title": "LocalprivilegeescalationinCheckPointZoneAlarmExtremeSecurityNextGen,IdentityAgentforWindows,andIdentityAgentforWindowsTerminalServerviacraftedDLLfile"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2024-24910",
"datePublished": "2024-04-18T17:35:42.688Z",
"dateReserved": "2024-02-01T15:19:26.278Z",
"dateUpdated": "2025-09-29T12:30:45.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28134 (GCVE-0-2023-28134)
Vulnerability from cvelistv5 – Published: 2023-11-12 22:36 – Updated: 2024-09-03 18:31
VLAI
Title
Local Privliege Escalation in Check Point Endpoint Security Remediation Service
Summary
Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
7.8 (High)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | Harmony Endpoint. |
Affected:
E84.x (EOL), E85.x (EOL), E86.x, E87.x before E81.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.checkpoint.com/results/sk/sk181597"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T18:29:08.779971Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T18:31:14.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Harmony Endpoint.",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "E84.x (EOL), E85.x (EOL), E86.x, E87.x before E81.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-12T22:36:19.549Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk181597"
}
],
"title": "Local Privliege Escalation in Check Point Endpoint Security Remediation Service"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2023-28134",
"datePublished": "2023-11-12T22:36:19.549Z",
"dateReserved": "2023-03-10T21:20:19.555Z",
"dateUpdated": "2024-09-03T18:31:14.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28130 (GCVE-0-2023-28130)
Vulnerability from cvelistv5 – Published: 2023-07-26 10:57 – Updated: 2025-02-13 16:45
VLAI
Summary
Local user may lead to privilege escalation using Gaia Portal hostnames page.
Severity
7.2 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Quantum Appliances, Quantum Security Gateways |
Affected:
R81.20 before take 14, R81.10 before take 95, R81 before take 82 R80.40 before take 198
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.checkpoint.com/results/sk/sk181311"
},
{
"tags": [
"x_transferred"
],
"url": "https://pentests.nl/pentest-blog/cve-2023-28130-command-injection-in-check-point-gaia-portal/"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jul/43"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Aug/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173918/Checkpoint-Gaia-Portal-R81.10-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:checkpoint:gaia_portal:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gaia_portal",
"vendor": "checkpoint",
"versions": [
{
"lessThan": "take14",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "take82",
"status": "affected",
"version": "r81.10",
"versionType": "custom"
},
{
"lessThan": "take198",
"status": "affected",
"version": "r80.40",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28130",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T03:55:42.786958Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T14:37:14.961Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Quantum Appliances, Quantum Security Gateways",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "R81.20 before take 14, R81.10 before take 95, R81 before take 82 R80.40 before take 198"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local user may lead to privilege escalation using Gaia Portal hostnames page."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T11:06:16.396Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk181311"
},
{
"url": "https://pentests.nl/pentest-blog/cve-2023-28130-command-injection-in-check-point-gaia-portal/"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/43"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Aug/4"
},
{
"url": "http://packetstormsecurity.com/files/173918/Checkpoint-Gaia-Portal-R81.10-Remote-Command-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2023-28130",
"datePublished": "2023-07-26T10:57:02.708Z",
"dateReserved": "2023-03-10T21:20:19.555Z",
"dateUpdated": "2025-02-13T16:45:40.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28133 (GCVE-0-2023-28133)
Vulnerability from cvelistv5 – Published: 2023-07-23 09:07 – Updated: 2024-10-24 15:52
VLAI
Summary
Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file
Severity
No CVSS data available.
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Harmony Endpoint. |
Affected:
E87.x before E81.31
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.checkpoint.com/results/sk/sk181276"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T15:52:41.369872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T15:52:50.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Harmony Endpoint.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "E87.x before E81.31"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-23T11:16:41.704Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk181276"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2023-28133",
"datePublished": "2023-07-23T09:07:35.383Z",
"dateReserved": "2023-03-10T21:20:19.555Z",
"dateUpdated": "2024-10-24T15:52:50.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28131 (GCVE-0-2023-28131)
Vulnerability from cvelistv5 – Published: 2023-04-24 00:00 – Updated: 2025-02-04 16:33
VLAI
Summary
A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc).
Severity
9.6 (Critical)
CWE
- The use of AuthSession modules’s useProxy in Expo below SDK 48 may allow OAuth hijacking, which leads to credentials theft and Account Takeover.
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Expo.io | Expo AuthSession module |
Affected:
All versions prior to SDK 48.* (Affected SDK 45.*, 46.* and 47.*)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://blog.expo.dev/security-advisory-for-developers-using-authsessions-useproxy-options-and-auth-expo-io-e470fe9346df"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.darkreading.com/endpoint/oauth-flaw-in-expo-platform-affects-hundreds-of-third-party-sites-apps"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28131",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T16:33:49.057475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T16:33:56.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Expo AuthSession module",
"vendor": "Expo.io",
"versions": [
{
"status": "affected",
"version": "All versions prior to SDK 48.* (Affected SDK 45.*, 46.* and 47.*)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the \"Expo AuthSession Redirect Proxy\" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The use of AuthSession modules\u2019s useProxy in Expo below SDK 48 may allow OAuth hijacking, which leads to credentials theft and Account Takeover.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-25T00:00:00.000Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://blog.expo.dev/security-advisory-for-developers-using-authsessions-useproxy-options-and-auth-expo-io-e470fe9346df"
},
{
"url": "https://www.darkreading.com/endpoint/oauth-flaw-in-expo-platform-affects-hundreds-of-third-party-sites-apps"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2023-28131",
"datePublished": "2023-04-24T00:00:00.000Z",
"dateReserved": "2023-03-10T00:00:00.000Z",
"dateUpdated": "2025-02-04T16:33:56.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23746 (GCVE-0-2022-23746)
Vulnerability from cvelistv5 – Published: 2022-11-30 00:00 – Updated: 2025-04-25 14:31
VLAI
Summary
The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords.
Severity
7.5 (High)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Gateway & Management, IPsec VPN blade SNX portal. |
Affected:
R81.10 before take 79, R81 before take 77, R80.40 before take 180, R80.30 before take 255, R80.20 before 230
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk180271"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-23746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T14:31:35.502955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T14:31:53.350Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Gateway \u0026 Management, IPsec VPN blade SNX portal.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "R81.10 before take 79, R81 before take 77, R80.40 before take 180, R80.30 before take 255, R80.20 before 230"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-01T00:00:00.000Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk180271"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2022-23746",
"datePublished": "2022-11-30T00:00:00.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-04-25T14:31:53.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23748 (GCVE-0-2022-23748)
Vulnerability from cvelistv5 – Published: 2022-11-17 00:00 – Updated: 2025-10-21 23:15
VLAI
CISA KEV
Summary
mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.
Severity
7.8 (High)
CWE
- CWE-114 - Process Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Audinate Dante Application Library for Windows |
Affected:
All versions prior to and including 1.2.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cpr-zero.checkpoint.com/vulns/cprid-2193/%2C"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.audinate.com/learning/faqs/audinate-response-to-dante-discovery-mdnsresponder-exe-security-issue-cve-2022-23748"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-23748",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T17:19:39.559883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-02-06",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-23748"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:31.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-23748"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-06T00:00:00.000Z",
"value": "CVE-2022-23748 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Audinate Dante Application Library for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 1.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-114",
"description": "CWE-114: Process Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-14T00:00:00.000Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://cpr-zero.checkpoint.com/vulns/cprid-2193/%2C"
},
{
"url": "https://www.audinate.com/learning/faqs/audinate-response-to-dante-discovery-mdnsresponder-exe-security-issue-cve-2022-23748"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2022-23748",
"datePublished": "2022-11-17T00:00:00.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:31.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23747 (GCVE-0-2022-23747)
Vulnerability from cvelistv5 – Published: 2022-08-17 20:52 – Updated: 2024-08-03 03:51
VLAI
Summary
In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://cpr-zero.checkpoint.com/vulns/cprid-2191/ | x_refsource_MISC |
| https://research.checkpoint.com/2022/bad-alac-one… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Sony Xperia |
Affected:
series 1, 5, and Pro
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cpr-zero.checkpoint.com/vulns/cprid-2191/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.checkpoint.com/2022/bad-alac-one-codec-to-hack-the-whole-world/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sony Xperia",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "series 1, 5, and Pro"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T20:52:26.000Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cpr-zero.checkpoint.com/vulns/cprid-2191/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.checkpoint.com/2022/bad-alac-one-codec-to-hack-the-whole-world/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2022-23747",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sony Xperia",
"version": {
"version_data": [
{
"version_value": "series 1, 5, and Pro"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cpr-zero.checkpoint.com/vulns/cprid-2191/",
"refsource": "MISC",
"url": "https://cpr-zero.checkpoint.com/vulns/cprid-2191/"
},
{
"name": "https://research.checkpoint.com/2022/bad-alac-one-codec-to-hack-the-whole-world/",
"refsource": "MISC",
"url": "https://research.checkpoint.com/2022/bad-alac-one-codec-to-hack-the-whole-world/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2022-23747",
"datePublished": "2022-08-17T20:52:26.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:51:46.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23745 (GCVE-0-2022-23745)
Vulnerability from cvelistv5 – Published: 2022-07-18 16:09 – Updated: 2024-08-03 03:51
VLAI
Summary
A potential memory corruption issue was found in Capsule Workspace Android app (running on GrapheneOS). This could result in application crashing but could not be used to gather any sensitive information.
Severity
No CVSS data available.
CWE
- CWE-1218 - Memory Buffer Errors
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://supportcenter.us.checkpoint.com/supportce… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Checkpoint Harmony Capsule Workspace |
Affected:
before 8.2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk179646"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Checkpoint Harmony Capsule Workspace",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before 8.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential memory corruption issue was found in Capsule Workspace Android app (running on GrapheneOS). This could result in application crashing but could not be used to gather any sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1218",
"description": "CWE-1218: Memory Buffer Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-18T16:09:00.000Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk179646"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2022-23745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Checkpoint Harmony Capsule Workspace",
"version": {
"version_data": [
{
"version_value": "before 8.2.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential memory corruption issue was found in Capsule Workspace Android app (running on GrapheneOS). This could result in application crashing but could not be used to gather any sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1218: Memory Buffer Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk179646",
"refsource": "MISC",
"url": "https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk179646"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2022-23745",
"datePublished": "2022-07-18T16:09:20.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:51:45.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}