Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    115 vulnerabilities

    CVE-2026-10847 (GCVE-0-2026-10847)

    Vulnerability from cvelistv5 – Published: 2026-06-11 13:52 – Updated: 2026-06-11 14:20
    VLAI
    Title
    Local Privilege Escalation vulnerability in Check Point Identity Agent Full for Windows OS
    Summary
    A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process. Successful exploitation could allow an attacker to gain elevated privileges on the affected Windows endpoint.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Identity Agent Affected: Versions prior to 81.087.0000
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10847",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-11T14:19:16.357809Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-11T14:20:43.159Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Identity Agent",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to 81.087.0000"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process. Successful exploitation could allow an attacker to gain elevated privileges on the affected Windows endpoint."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T13:52:11.651Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "name": "Check Point Security Advisory for CVE-2026-10847",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.checkpoint.com/results/sk/sk185052"
            }
          ],
          "title": "Local Privilege Escalation vulnerability in Check Point Identity Agent Full for Windows OS"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-10847",
        "datePublished": "2026-06-11T13:52:11.651Z",
        "dateReserved": "2026-06-04T12:13:32.828Z",
        "dateUpdated": "2026-06-11T14:20:43.159Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50751 (GCVE-0-2026-50751)

    Vulnerability from cvelistv5 – Published: 2026-06-08 11:07 – Updated: 2026-06-10 13:37
    VLAI CISA CIRCL KEVIntel
    Title
    User Authentication Bypass in VPN Remote Access and Mobile Access
    Summary
    A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication.
    Assigner
    Impacted products
    Vendor Product Version
    checkpoint Quantum Security Gateway Affected: R82.10 with Jumbo Hotfix Take 19 or below
    Affected: R82 with Jumbo Hotfix Take 103 or below
    Affected: R81.20 with Jumbo Hotfix Take 141 or below
    Affected: R81.10, R81, and R80.40
    Create a notification for this product.
    checkpoint Spark Firewalls Affected: R80.20.X, R81.10.X, and R82.00.X
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.3,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50751",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T03:55:36.834802Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-06-08",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-50751"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T13:37:27.725Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory"
                ],
                "url": "https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-50751"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Quantum Security Gateway",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R82.10 with Jumbo Hotfix Take 19 or below"
                },
                {
                  "status": "affected",
                  "version": "R82 with Jumbo Hotfix Take 103 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.20 with Jumbo Hotfix Take 141 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.10, R81, and R80.40"
                }
              ]
            },
            {
              "product": "Spark Firewalls",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R80.20.X, R81.10.X, and R82.00.X"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password."
            }
          ],
          "metrics": [
            {
              "format": "CVSS",
              "other": {
                "content": {
                  "attackComplexity": "LOW",
                  "attackRequirements": "NONE",
                  "attackVector": "NETWORK",
                  "baseScore": 9.3,
                  "baseSeverity": "CRITICAL",
                  "privilegesRequired": "NONE",
                  "subAvailabilityImpact": "NONE",
                  "subConfidentialityImpact": "NONE",
                  "subIntegrityImpact": "NONE",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
                  "version": "4.0",
                  "vulnAvailabilityImpact": "LOW",
                  "vulnConfidentialityImpact": "HIGH",
                  "vulnIntegrityImpact": "HIGH"
                },
                "type": "CVSSv4.0"
              },
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287: Improper Authentication.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T11:07:15.746Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk185033"
            }
          ],
          "title": "User Authentication Bypass in VPN Remote Access and Mobile Access"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-50751",
        "datePublished": "2026-06-08T11:07:15.746Z",
        "dateReserved": "2026-06-07T09:42:08.251Z",
        "dateUpdated": "2026-06-10T13:37:27.725Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50752 (GCVE-0-2026-50752)

    Vulnerability from cvelistv5 – Published: 2026-06-08 11:00 – Updated: 2026-06-10 13:36
    VLAI
    Title
    Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1
    Summary
    A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation.
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Quantum Security Gateway Affected: R82.10 with Jumbo Hotfix Take 19 or below
    Affected: R82 with Jumbo Hotfix Take 103 or below
    Affected: R81.20 with Jumbo Hotfix Take 141 or below
    Affected: R81.10, R81, and R80.40
    Create a notification for this product.
    checkpoint Spark Firewalls Affected: R80.20.X, R81.10.X, and R82.00.X
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50752",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T03:55:37.901004Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T13:36:24.946Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Quantum Security Gateway",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R82.10 with Jumbo Hotfix Take 19 or below"
                },
                {
                  "status": "affected",
                  "version": "R82 with Jumbo Hotfix Take 103 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.20 with Jumbo Hotfix Take 141 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.10, R81, and R80.40"
                }
              ]
            },
            {
              "product": "Spark Firewalls",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R80.20.X, R81.10.X, and R82.00.X"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295: Improper Certificate Validation.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T11:00:38.563Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk185035"
            }
          ],
          "title": "Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-50752",
        "datePublished": "2026-06-08T11:00:38.563Z",
        "dateReserved": "2026-06-07T09:42:08.252Z",
        "dateUpdated": "2026-06-10T13:36:24.946Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48136 (GCVE-0-2026-48136)

    Vulnerability from cvelistv5 – Published: 2026-05-26 12:57 – Updated: 2026-06-02 14:17
    VLAI
    Title
    Authenticated Administrator Role-Based Access Control Bypass in Compliance
    Summary
    When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permissions, bypassing Role-Based Access Control (RBAC).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Quantum Security Management Affected: R82.10 with Jumbo Hotfix Take 6 or below
    Affected: R82 with Jumbo Hotfix Take 91 or below
    Affected: R81.20 with Jumbo Hotfix Take 127 or below
    Affected: All releases from R81.10 and below
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48136",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T18:41:27.298316Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T14:17:00.827Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Quantum Security Management",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R82.10 with Jumbo Hotfix Take 6 or below"
                },
                {
                  "status": "affected",
                  "version": "R82 with Jumbo Hotfix Take 91 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.20 with Jumbo Hotfix Take 127 or below"
                },
                {
                  "status": "affected",
                  "version": "All releases from R81.10 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permissions, bypassing Role-Based Access Control (RBAC)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T14:16:34.470Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184992"
            }
          ],
          "title": "Authenticated Administrator Role-Based Access Control Bypass in Compliance"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-48136",
        "datePublished": "2026-05-26T12:57:29.298Z",
        "dateReserved": "2026-05-20T19:29:00.635Z",
        "dateUpdated": "2026-06-02T14:17:00.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48135 (GCVE-0-2026-48135)

    Vulnerability from cvelistv5 – Published: 2026-05-26 12:57 – Updated: 2026-05-27 18:36
    VLAI
    Title
    HTTP service can incorrectly process malformed HTTP requests
    Summary
    A Check Point HTTP-based service can incorrectly handle malformed HTTP requests. The issue is related to HTTP request parsing and validation.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Quantum Security Gateway Affected: R82.10 with Jumbo Hotfix Take 6 or below
    Affected: R82 with Jumbo Hotfix Take 91 or below
    Affected: R81.20 with Jumbo Hotfix Take 127 or below
    Affected: All releases from R81.10 and below
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48135",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T14:48:38.051261Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T18:36:10.600Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Quantum Security Gateway",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R82.10 with Jumbo Hotfix Take 6 or below"
                },
                {
                  "status": "affected",
                  "version": "R82 with Jumbo Hotfix Take 91 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.20 with Jumbo Hotfix Take 127 or below"
                },
                {
                  "status": "affected",
                  "version": "All releases from R81.10 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Check Point HTTP-based service can incorrectly handle malformed HTTP requests.\nThe issue is related to HTTP request parsing and validation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T14:16:28.067Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184991"
            }
          ],
          "title": "HTTP service can incorrectly process malformed HTTP requests"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-48135",
        "datePublished": "2026-05-26T12:57:19.074Z",
        "dateReserved": "2026-05-20T19:29:00.635Z",
        "dateUpdated": "2026-05-27T18:36:10.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48134 (GCVE-0-2026-48134)

    Vulnerability from cvelistv5 – Published: 2026-05-26 12:57 – Updated: 2026-06-02 14:15
    VLAI
    Title
    SQL injection issue in UserCheck Portal when DLP Software Blade is active
    Summary
    When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to disruptions such as loss of stored incident entries, incorrect handling of pending approvals, or resource impact if the issue is abused repeatedly. Exposure is reduced if the UserCheck Portal is not accessible from untrusted networks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Quantum Security Gateway Affected: R82.10 with Jumbo Hotfix Take 6 or below
    Affected: R82 with Jumbo Hotfix Take 91 or below
    Affected: R81.20 with Jumbo Hotfix Take 127 or below
    Affected: All releases from R81.10 and below
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48134",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T14:15:04.599414Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T14:15:31.285Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Quantum Security Gateway",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R82.10 with Jumbo Hotfix Take 6 or below"
                },
                {
                  "status": "affected",
                  "version": "R82 with Jumbo Hotfix Take 91 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.20 with Jumbo Hotfix Take 127 or below"
                },
                {
                  "status": "affected",
                  "version": "All releases from R81.10 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway\u0027s stored DLP/UserCheck incident information. This could lead to disruptions such as loss of stored incident entries, incorrect handling of pending approvals, or resource impact if the issue is abused repeatedly.\nExposure is reduced if the UserCheck Portal is not accessible from untrusted networks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T14:16:21.332Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184983"
            }
          ],
          "title": "SQL injection issue in UserCheck Portal when DLP Software Blade is active"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-48134",
        "datePublished": "2026-05-26T12:57:07.767Z",
        "dateReserved": "2026-05-20T19:29:00.635Z",
        "dateUpdated": "2026-06-02T14:15:31.285Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48133 (GCVE-0-2026-48133)

    Vulnerability from cvelistv5 – Published: 2026-05-26 12:56 – Updated: 2026-06-02 14:14
    VLAI
    Title
    Identity Awareness Captive Portal - Unauthenticated Local File Inclusion
    Summary
    When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Quantum Security Gateway Affected: R82.10 with Jumbo Hotfix Take 6 or below
    Affected: R82 with Jumbo Hotfix Take 91 or below
    Affected: R81.20 with Jumbo Hotfix Take 127 or below
    Affected: All releases from R81.10 and below
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48133",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T14:14:15.264635Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T14:14:24.478Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Quantum Security Gateway",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R82.10 with Jumbo Hotfix Take 6 or below"
                },
                {
                  "status": "affected",
                  "version": "R82 with Jumbo Hotfix Take 91 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.20 with Jumbo Hotfix Take 127 or below"
                },
                {
                  "status": "affected",
                  "version": "All releases from R81.10 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-98",
                  "description": "CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T14:16:14.984Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184993"
            }
          ],
          "title": "Identity Awareness Captive Portal - Unauthenticated Local File Inclusion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-48133",
        "datePublished": "2026-05-26T12:56:56.250Z",
        "dateReserved": "2026-05-20T19:29:00.635Z",
        "dateUpdated": "2026-06-02T14:14:24.478Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48132 (GCVE-0-2026-48132)

    Vulnerability from cvelistv5 – Published: 2026-05-26 12:56 – Updated: 2026-06-02 14:09
    VLAI
    Title
    VPN service may restart unexpectedly when processing IKE traffic over NAT-T 4500/UDP
    Summary
    The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service (temporary interruption of VPN negotiations/traffic).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Quantum Security Gateway Affected: R82.10 with Jumbo Hotfix Take 6 or below
    Affected: R82 with Jumbo Hotfix Take 91 or below
    Affected: R81.20 with Jumbo Hotfix Take 127 or below
    Affected: All releases from R81.10 and below
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48132",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T14:09:04.979541Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T14:09:19.968Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Quantum Security Gateway",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R82.10 with Jumbo Hotfix Take 6 or below"
                },
                {
                  "status": "affected",
                  "version": "R82 with Jumbo Hotfix Take 91 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.20 with Jumbo Hotfix Take 127 or below"
                },
                {
                  "status": "affected",
                  "version": "All releases from R81.10 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service (temporary interruption of VPN negotiations/traffic)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T14:16:07.343Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184982"
            }
          ],
          "title": "VPN service may restart unexpectedly when processing IKE traffic over NAT-T 4500/UDP"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-48132",
        "datePublished": "2026-05-26T12:56:47.693Z",
        "dateReserved": "2026-05-20T19:29:00.635Z",
        "dateUpdated": "2026-06-02T14:09:19.968Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48131 (GCVE-0-2026-48131)

    Vulnerability from cvelistv5 – Published: 2026-05-26 12:56 – Updated: 2026-05-26 15:18
    VLAI
    Title
    VPND IKE Fragment Reassembly - Heap Out-of-Bounds Write via Sequence Number Zero
    Summary
    The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service (temporary disruption of VPN-related functionality).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Quantum Security Gateway Affected: R82.10 with Jumbo Hotfix Take 6 or below
    Affected: R82 with Jumbo Hotfix Take 91 or below
    Affected: R81.20 with Jumbo Hotfix Take 127 or below
    Affected: All releases from R81.10 and below
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48131",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T15:12:47.698813Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T15:18:43.287Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Quantum Security Gateway",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R82.10 with Jumbo Hotfix Take 6 or below"
                },
                {
                  "status": "affected",
                  "version": "R82 with Jumbo Hotfix Take 91 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.20 with Jumbo Hotfix Take 127 or below"
                },
                {
                  "status": "affected",
                  "version": "All releases from R81.10 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service (temporary disruption of VPN-related functionality)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T14:15:50.325Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184981"
            }
          ],
          "title": "VPND IKE Fragment Reassembly - Heap Out-of-Bounds Write via Sequence Number Zero"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-48131",
        "datePublished": "2026-05-26T12:56:08.817Z",
        "dateReserved": "2026-05-20T19:29:00.635Z",
        "dateUpdated": "2026-05-26T15:18:43.287Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3502 (GCVE-0-2026-3502)

    Vulnerability from cvelistv5 – Published: 2026-03-30 18:05 – Updated: 2026-04-03 03:55
    VLAI CISA KEVIntel
    Title
    TrueConf Client Update Integrity Verification Bypass
    Summary
    TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-494 - Download of Code Without Integrity Check.
    Assigner
    Impacted products
    Vendor Product Version
    TrueConf TrueConf Client Affected: TrueConf Client versions 8.1.0 through 8.5.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3502",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-31T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-04-02",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3502"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-03T03:55:23.638Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory"
                ],
                "url": "https://research.checkpoint.com/2026/operation-truechaos-0-day-exploitation-against-southeast-asian-government-targets/"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3502"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-02T00:00:00.000Z",
                "value": "CVE-2026-3502 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TrueConf Client",
              "vendor": "TrueConf",
              "versions": [
                {
                  "status": "affected",
                  "version": "TrueConf Client versions 8.1.0 through 8.5.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-494",
                  "description": "CWE-494: Download of Code Without Integrity Check.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-30T18:05:42.806Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://trueconf.com/blog/update/trueconf-8-5"
            }
          ],
          "title": "TrueConf Client Update Integrity Verification Bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-3502",
        "datePublished": "2026-03-30T18:05:42.806Z",
        "dateReserved": "2026-03-03T21:18:35.221Z",
        "dateUpdated": "2026-04-03T03:55:23.638Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9142 (GCVE-0-2025-9142)

    Vulnerability from cvelistv5 – Published: 2026-01-14 14:30 – Updated: 2026-01-14 14:50
    VLAI
    Title
    Local privilege escalation in Harmony SASE Windows Agent
    Summary
    A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Hramony SASE Affected: Check Point Harmony SASE Windows Agent versions prior to 12.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9142",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-14T14:49:40.165312Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-14T14:50:03.652Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Hramony SASE",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Check Point Harmony SASE Windows Agent versions prior to 12.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027).",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T14:30:48.630Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184557"
            }
          ],
          "title": "Local privilege escalation in Harmony SASE Windows Agent"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2025-9142",
        "datePublished": "2026-01-14T14:30:48.630Z",
        "dateReserved": "2025-08-19T07:06:49.638Z",
        "dateUpdated": "2026-01-14T14:50:03.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8305 (GCVE-0-2025-8305)

    Vulnerability from cvelistv5 – Published: 2025-12-22 07:58 – Updated: 2025-12-22 13:55
    VLAI
    Title
    Information Disclosure in Identity Agent Debug Files
    Summary
    An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being printed in plaintext in Identity Agent for Terminal Services debug files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Identity Awareness Affected: Check Point Identity Agent Multi User Host Agent under version 81.084.0000
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8305",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-22T13:55:20.829952Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-22T13:55:37.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Identity Awareness",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Check Point Identity Agent Multi User Host Agent under version 81.084.0000"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being printed in plaintext in Identity Agent for Terminal Services debug files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-22T07:58:06.768Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184264"
            }
          ],
          "title": "Information Disclosure in Identity Agent Debug Files"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2025-8305",
        "datePublished": "2025-12-22T07:58:06.768Z",
        "dateReserved": "2025-07-29T10:29:12.712Z",
        "dateUpdated": "2025-12-22T13:55:37.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8304 (GCVE-0-2025-8304)

    Vulnerability from cvelistv5 – Published: 2025-12-22 07:57 – Updated: 2025-12-22 17:05
    VLAI
    Title
    Information Disclosure in Identity Agent Registry Keys
    Summary
    An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Identity Agent Affected: Check Point Identity Agent Multi User Host Agent under version 81.084.0000
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8304",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-22T17:05:23.947183Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-22T17:05:37.189Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Identity Agent",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Check Point Identity Agent Multi User Host Agent under version 81.084.0000"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-22T07:57:50.103Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184263"
            }
          ],
          "title": "Information Disclosure in Identity Agent Registry Keys"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2025-8304",
        "datePublished": "2025-12-22T07:57:50.103Z",
        "dateReserved": "2025-07-29T10:29:06.543Z",
        "dateUpdated": "2025-12-22T17:05:37.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-3831 (GCVE-0-2025-3831)

    Vulnerability from cvelistv5 – Published: 2025-08-12 14:48 – Updated: 2025-08-12 15:02
    VLAI
    Title
    Exposed SFTP server
    Summary
    Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.
    • CWE-798 - Use of Hard-coded Credentials.
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3831",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T15:01:45.427366Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T15:02:44.904Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Check Point Harmony SASE",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Other"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor.",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798: Use of Hard-coded Credentials.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-12T14:48:26.195Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk183761"
            }
          ],
          "title": "Exposed SFTP server"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2025-3831",
        "datePublished": "2025-08-12T14:48:26.195Z",
        "dateReserved": "2025-04-20T09:55:50.263Z",
        "dateUpdated": "2025-08-12T15:02:44.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52885 (GCVE-0-2024-52885)

    Vulnerability from cvelistv5 – Published: 2025-08-06 14:45 – Updated: 2025-08-06 15:03
    VLAI
    Title
    Path Traversal
    Summary
    The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Check Point Mobile Access Affected: Check Point Mobile Access versions R81.10, R81.20, R82
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52885",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-06T15:02:46.396665Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-06T15:03:53.437Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Check Point Mobile Access",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Check Point Mobile Access versions R81.10, R81.20, R82"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Mobile Access Portal\u0027s File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of \u0027nobody\u0027-accessible directories on the Mobile Access gateway."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-35",
                  "description": "CWE-35: Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-06T14:45:43.182Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk183137"
            }
          ],
          "title": "Path Traversal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2024-52885",
        "datePublished": "2025-08-06T14:45:43.182Z",
        "dateReserved": "2024-11-17T08:00:07.201Z",
        "dateUpdated": "2025-08-06T15:03:53.437Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2028 (GCVE-0-2025-2028)

    Vulnerability from cvelistv5 – Published: 2025-08-06 14:44 – Updated: 2025-08-06 15:05
    VLAI
    Title
    Lack of TLS validation
    Summary
    Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation.
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Check Point Management Log Server Affected: versions R81.10, R81.20, R82
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2028",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-06T15:05:10.377561Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-06T15:05:22.411Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Check Point Management Log Server",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions R81.10, R81.20, R82"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295: Improper Certificate Validation.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-06T14:44:31.807Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk183349"
            }
          ],
          "title": "Lack of TLS validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2025-2028",
        "datePublished": "2025-08-06T14:44:31.807Z",
        "dateReserved": "2025-03-06T08:12:54.608Z",
        "dateUpdated": "2025-08-06T15:05:22.411Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-24915 (GCVE-0-2024-24915)

    Vulnerability from cvelistv5 – Published: 2025-06-29 12:02 – Updated: 2025-06-30 13:32
    VLAI
    Title
    SmartConsole Sensitive Credential Exposure via Memory Dump
    Summary
    Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-316 - The product stores sensitive information in cleartext in memory.
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Check Point SmartConsole Affected: Check Point SmartConsole versions R81.10, R81.20, R82
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-24915",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T13:14:08.984786Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T13:32:15.417Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Check Point SmartConsole",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Check Point SmartConsole versions R81.10, R81.20, R82"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-316",
                  "description": "The product stores sensitive information in cleartext in memory.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-29T12:02:41.126Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk183545"
            }
          ],
          "title": "SmartConsole Sensitive Credential Exposure via Memory Dump"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2024-24915",
        "datePublished": "2025-06-29T12:02:41.126Z",
        "dateReserved": "2024-02-01T15:19:26.278Z",
        "dateUpdated": "2025-06-30T13:32:15.417Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-24916 (GCVE-0-2024-24916)

    Vulnerability from cvelistv5 – Published: 2025-06-19 13:17 – Updated: 2025-06-20 13:11
    VLAI
    Title
    DLL-HiJacking
    Summary
    Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Check Point SmartConsole Affected: Check Point SmartConsole versions R81.10, R81.20
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-24916",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-20T13:06:34.598794Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-427",
                    "description": "CWE-427 Uncontrolled Search Path Element",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-20T13:11:11.641Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Check Point SmartConsole",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Check Point SmartConsole versions R81.10, R81.20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted DLLs in the installer\u0027s directory may be loaded and executed, leading to potentially arbitrary code execution with the installer\u0027s privileges (admin)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-19T13:17:39.651Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk183342"
            }
          ],
          "title": "DLL-HiJacking"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2024-24916",
        "datePublished": "2025-06-19T13:17:39.651Z",
        "dateReserved": "2024-02-01T15:19:26.278Z",
        "dateUpdated": "2025-06-20T13:11:11.641Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52888 (GCVE-0-2024-52888)

    Vulnerability from cvelistv5 – Published: 2025-04-27 07:46 – Updated: 2025-04-28 16:31
    VLAI
    Title
    Stored-XSS
    Summary
    For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Check Point Mobile Access Affected: Check Point Mobile Access versions R81.10, R81.20, R82
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52888",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-28T15:48:42.433559Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-28T16:31:15.797Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Check Point Mobile Access",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Check Point Mobile Access versions R81.10, R81.20, R82"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "For an authenticated end-user the portal may run a script while attempting to display a directory or some file\u0027s properties."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027).",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-27T07:46:53.542Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk183055"
            }
          ],
          "title": "Stored-XSS"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2024-52888",
        "datePublished": "2025-04-27T07:46:53.542Z",
        "dateReserved": "2024-11-17T08:00:07.201Z",
        "dateUpdated": "2025-04-28T16:31:15.797Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52887 (GCVE-0-2024-52887)

    Vulnerability from cvelistv5 – Published: 2025-04-27 07:46 – Updated: 2025-04-28 16:31
    VLAI
    Title
    Self-XSS
    Summary
    Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Check Point Mobile Access Affected: Check Point Mobile Access versions R81.10, R81.20, R82
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52887",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-28T15:49:03.217887Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-28T16:31:21.597Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Check Point Mobile Access",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Check Point Mobile Access versions R81.10, R81.20, R82"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027).",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-27T07:46:23.027Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk183054"
            }
          ],
          "title": "Self-XSS"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2024-52887",
        "datePublished": "2025-04-27T07:46:23.027Z",
        "dateReserved": "2024-11-17T08:00:07.201Z",
        "dateUpdated": "2025-04-28T16:31:21.597Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-24911 (GCVE-0-2024-24911)

    Vulnerability from cvelistv5 – Published: 2025-02-06 13:46 – Updated: 2025-02-06 14:11
    VLAI
    Title
    Out of Bounds read in the CPCA process on Check Point Management Server
    Summary
    In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway's CRL cache.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Multi-Domain Security Management, Quantum Security Management Affected: Quantum Security Management R81 (EOS), R81.10, R81.20
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-24911",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-06T14:11:40.331277Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-06T14:11:48.901Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multi-Domain Security Management, Quantum Security Management",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Quantum Security Management R81 (EOS), R81.10, R81.20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway\u0027s CRL cache."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-06T13:46:11.824Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk183101"
            }
          ],
          "title": "Out of Bounds read in the CPCA process on Check Point Management Server"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2024-24911",
        "datePublished": "2025-02-06T13:46:11.824Z",
        "dateReserved": "2024-02-01T15:19:26.278Z",
        "dateUpdated": "2025-02-06T14:11:48.901Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-24914 (GCVE-0-2024-24914)

    Vulnerability from cvelistv5 – Published: 2024-11-07 11:25 – Updated: 2024-11-07 17:33
    VLAI
    Summary
    Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-914 - Improper Control of Dynamically-Identified Variables
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint ClusterXL, Multi-Domain Security Management, Quantum Appliances, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Security Management Affected: Check Point Quantum Gateways versions R81, R81.10, R81.20
    Create a notification for this product.
    checkpoint clusterxl Affected: r81
    Affected: r81.10
    Affected: r81.20
        cpe:2.3:a:checkpoint:clusterxl:*:*:*:*:*:*:*:*
    Create a notification for this product.
    checkpoint multi-domain_management Affected: r81
    Affected: r81.10
    Affected: r81.20
        cpe:2.3:a:checkpoint:multi-domain_management:*:*:*:*:*:*:*:*
    Create a notification for this product.
    checkpoint quantum_appliances Affected: r81
    Affected: r81.10
    Affected: r81.20
        cpe:2.3:a:checkpoint:quantum_appliances:*:*:*:*:*:*:*:*
    Create a notification for this product.
    checkpoint quantum_maestro Affected: r81
    Affected: r81.10
    Affected: r81.20
        cpe:2.3:a:checkpoint:quantum_maestro:*:*:*:*:*:*:*:*
    Create a notification for this product.
    checkpoint quantum_scalable_chassis Affected: r81
    Affected: r81.10
    Affected: r81.20
        cpe:2.3:a:checkpoint:quantum_scalable_chassis:*:*:*:*:*:*:*:*
    Create a notification for this product.
    checkpoint quantum_security_gateway Affected: r81
    Affected: r81.10
    Affected: r81.20
        cpe:2.3:a:checkpoint:quantum_security_gateway:*:*:*:*:*:*:*:*
    Create a notification for this product.
    checkpoint quantum_security_management Affected: r81
    Affected: r81.10
    Affected: r81.20
        cpe:2.3:a:checkpoint:quantum_security_management:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:checkpoint:clusterxl:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "clusterxl",
                "vendor": "checkpoint",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r81"
                  },
                  {
                    "status": "affected",
                    "version": "r81.10"
                  },
                  {
                    "status": "affected",
                    "version": "r81.20"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:checkpoint:multi-domain_management:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "multi-domain_management",
                "vendor": "checkpoint",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r81"
                  },
                  {
                    "status": "affected",
                    "version": "r81.10"
                  },
                  {
                    "status": "affected",
                    "version": "r81.20"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:checkpoint:quantum_appliances:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "quantum_appliances",
                "vendor": "checkpoint",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r81"
                  },
                  {
                    "status": "affected",
                    "version": "r81.10"
                  },
                  {
                    "status": "affected",
                    "version": "r81.20"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:checkpoint:quantum_maestro:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "quantum_maestro",
                "vendor": "checkpoint",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r81"
                  },
                  {
                    "status": "affected",
                    "version": "r81.10"
                  },
                  {
                    "status": "affected",
                    "version": "r81.20"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:checkpoint:quantum_scalable_chassis:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "quantum_scalable_chassis",
                "vendor": "checkpoint",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r81"
                  },
                  {
                    "status": "affected",
                    "version": "r81.10"
                  },
                  {
                    "status": "affected",
                    "version": "r81.20"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:checkpoint:quantum_security_gateway:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "quantum_security_gateway",
                "vendor": "checkpoint",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r81"
                  },
                  {
                    "status": "affected",
                    "version": "r81.10"
                  },
                  {
                    "status": "affected",
                    "version": "r81.20"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:checkpoint:quantum_security_management:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "quantum_security_management",
                "vendor": "checkpoint",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r81"
                  },
                  {
                    "status": "affected",
                    "version": "r81.10"
                  },
                  {
                    "status": "affected",
                    "version": "r81.20"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-24914",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T16:56:57.795526Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T17:33:31.286Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ClusterXL, Multi-Domain Security Management, Quantum Appliances, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Security Management",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Check Point Quantum Gateways versions R81, R81.10, R81.20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-914",
                  "description": "CWE-914: Improper Control of Dynamically-Identified Variables",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-07T11:25:53.238Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk182743"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2024-24914",
        "datePublished": "2024-11-07T11:25:53.238Z",
        "dateReserved": "2024-02-01T15:19:26.278Z",
        "dateUpdated": "2024-11-07T17:33:31.286Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-24919 (GCVE-0-2024-24919)

    Vulnerability from cvelistv5 – Published: 2024-05-28 18:22 – Updated: 2025-10-21 23:05
    VLAI CISA Shadowserver KEVIntel
    Title
    Information disclosure
    Summary
    Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    checkpoint Check Point Quantum Gateway, Spark Gateway and CloudGuard Network Affected: Check Point Quantum Gateway and CloudGuard Network versions R81.20, R81.10, R81, R80.40 and Check Point Spark versions R81.10, R80.20.
    Create a notification for this product.
    checkpoint quantum_security_gateway_firmware Affected: r80.40
    Affected: r81
    Affected: r81.10
    Affected: r81.20
        cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:*:*:*:*:*:*:*
    Create a notification for this product.
    checkpoint cloudguard_network Affected: r80.40
    Affected: r81
    Affected: r81.10
    Affected: r81.20
        cpe:2.3:a:checkpoint:cloudguard_network:r80.40:*:*:*:*:*:*:*
    Create a notification for this product.
    checkpoint quantum_spark_appliances Affected: r80.40
    Affected: r81
    Affected: r81.10
    Affected: r81.20
        cpe:2.3:a:checkpoint:quantum_spark_appliances:r80.40:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "quantum_security_gateway_firmware",
                "vendor": "checkpoint",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r80.40"
                  },
                  {
                    "status": "affected",
                    "version": "r81"
                  },
                  {
                    "status": "affected",
                    "version": "r81.10"
                  },
                  {
                    "status": "affected",
                    "version": "r81.20"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "quantum_security_gateway_firmware",
                "vendor": "checkpoint",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r80.40"
                  },
                  {
                    "status": "affected",
                    "version": "r81"
                  },
                  {
                    "status": "affected",
                    "version": "r81.10"
                  },
                  {
                    "status": "affected",
                    "version": "r81.20"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "quantum_security_gateway_firmware",
                "vendor": "checkpoint",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r80.40"
                  },
                  {
                    "status": "affected",
                    "version": "r81"
                  },
                  {
                    "status": "affected",
                    "version": "r81.10"
                  },
                  {
                    "status": "affected",
                    "version": "r81.20"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "quantum_security_gateway_firmware",
                "vendor": "checkpoint",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r80.40"
                  },
                  {
                    "status": "affected",
                    "version": "r81"
                  },
                  {
                    "status": "affected",
                    "version": "r81.10"
                  },
                  {
                    "status": "affected",
                    "version": "r81.20"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:checkpoint:cloudguard_network:r80.40:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "cloudguard_network",
                "vendor": "checkpoint",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r80.40"
                  },
                  {
                    "status": "affected",
                    "version": "r81"
                  },
                  {
                    "status": "affected",
                    "version": "r81.10"
                  },
                  {
                    "status": "affected",
                    "version": "r81.20"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:checkpoint:cloudguard_network:r80.40:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "cloudguard_network",
                "vendor": "checkpoint",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r80.40"
                  },
                  {
                    "status": "affected",
                    "version": "r81"
                  },
                  {
                    "status": "affected",
                    "version": "r81.10"
                  },
                  {
                    "status": "affected",
                    "version": "r81.20"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:checkpoint:cloudguard_network:r80.40:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "cloudguard_network",
                "vendor": "checkpoint",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r80.40"
                  },
                  {
                    "status": "affected",
                    "version": "r81"
                  },
                  {
                    "status": "affected",
                    "version": "r81.10"
                  },
                  {
                    "status": "affected",
                    "version": "r81.20"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:checkpoint:cloudguard_network:r80.40:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "cloudguard_network",
                "vendor": "checkpoint",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r80.40"
                  },
                  {
                    "status": "affected",
                    "version": "r81"
                  },
                  {
                    "status": "affected",
                    "version": "r81.10"
                  },
                  {
                    "status": "affected",
                    "version": "r81.20"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:checkpoint:quantum_spark_appliances:r80.40:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "quantum_spark_appliances",
                "vendor": "checkpoint",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r80.40"
                  },
                  {
                    "status": "affected",
                    "version": "r81"
                  },
                  {
                    "status": "affected",
                    "version": "r81.10"
                  },
                  {
                    "status": "affected",
                    "version": "r81.20"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:checkpoint:quantum_spark_appliances:r80.40:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "quantum_spark_appliances",
                "vendor": "checkpoint",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r80.40"
                  },
                  {
                    "status": "affected",
                    "version": "r81"
                  },
                  {
                    "status": "affected",
                    "version": "r81.10"
                  },
                  {
                    "status": "affected",
                    "version": "r81.20"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:checkpoint:quantum_spark_appliances:r80.40:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "quantum_spark_appliances",
                "vendor": "checkpoint",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r80.40"
                  },
                  {
                    "status": "affected",
                    "version": "r81"
                  },
                  {
                    "status": "affected",
                    "version": "r81.10"
                  },
                  {
                    "status": "affected",
                    "version": "r81.20"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:checkpoint:quantum_spark_appliances:r80.40:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "quantum_spark_appliances",
                "vendor": "checkpoint",
                "versions": [
                  {
                    "status": "affected",
                    "version": "r80.40"
                  },
                  {
                    "status": "affected",
                    "version": "r81"
                  },
                  {
                    "status": "affected",
                    "version": "r81.10"
                  },
                  {
                    "status": "affected",
                    "version": "r81.20"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-24919",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-31T04:00:11.841700Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2024-05-30",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-24919"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:05:17.408Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.mnemonic.io/resources/blog/advisory-check-point-remote-access-vpn-vulnerability-cve-2024-24919/"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-24919"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2024-05-30T00:00:00.000Z",
                "value": "CVE-2024-24919 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:36:20.565Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.checkpoint.com/results/sk/sk182336"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Check Point Quantum Gateway, Spark Gateway and CloudGuard Network",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Check Point Quantum Gateway and CloudGuard Network versions R81.20, R81.10, R81, R80.40 and Check Point Spark versions R81.10, R80.20."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-30T12:40:21.757Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk182336"
            }
          ],
          "title": "Information disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2024-24919",
        "datePublished": "2024-05-28T18:22:19.401Z",
        "dateReserved": "2024-02-01T15:19:26.279Z",
        "dateUpdated": "2025-10-21T23:05:17.408Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-24912 (GCVE-0-2024-24912)

    Vulnerability from cvelistv5 – Published: 2024-05-01 13:22 – Updated: 2024-08-01 23:36
    VLAI
    Title
    Local privilege escalation in Harmony Endpoint Security Client for Windows via crafted DLL file
    Summary
    A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Harmony Endpoint Security Client for Windows Affected: Harmony Endpoint Security Client for Windows versions E88.10 and below
    Create a notification for this product.
    checkpoint harmony_endpoint Affected: e88.10
        cpe:2.3:a:checkpoint:harmony_endpoint:e83:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Kolja Grassmann (Cirosec GmbH) Alain Rödel (Neodyme)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:checkpoint:harmony_endpoint:e83:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "harmony_endpoint",
                "vendor": "checkpoint",
                "versions": [
                  {
                    "status": "affected",
                    "version": "e88.10"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-24912",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-01T17:15:29.343054Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:43:34.409Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:36:20.217Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.checkpoint.com/results/sk/sk182244"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "Harmony Endpoint Security Client for Windows",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Harmony Endpoint Security Client for Windows versions E88.10 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kolja Grassmann (Cirosec GmbH)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alain R\u00f6del (Neodyme)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-01T13:22:48.486Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk182244"
            }
          ],
          "title": "Local privilege escalation in Harmony Endpoint Security Client for Windows via crafted DLL file"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2024-24912",
        "datePublished": "2024-05-01T13:22:48.486Z",
        "dateReserved": "2024-02-01T15:19:26.278Z",
        "dateUpdated": "2024-08-01T23:36:20.217Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-24910 (GCVE-0-2024-24910)

    Vulnerability from cvelistv5 – Published: 2024-04-18 17:35 – Updated: 2025-09-29 12:30
    VLAI
    Title
    LocalprivilegeescalationinCheckPointZoneAlarmExtremeSecurityNextGen,IdentityAgentforWindows,andIdentityAgentforWindowsTerminalServerviacraftedDLLfile
    Summary
    A local attacker can erscalate privileges on affected Check Point ZoneAlarm ExtremeSecurity NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - IncorrectPermissionAssignmentforCriticalResource
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint ZoneAlarmExtremeSecurityNextGen,IdentityAgentforWindows,IdentityAgentforWindowsTerminalServer Affected: ZoneAlarmExtremeSecurityNextGen-versionslowerthan4.2.7,IdentityAgentforWindows-versionslowerthanR81.070.0000,IdentityAgentforWindowsTerminalServer-versionslowerthanR81.070.0000
    Create a notification for this product.
    checkpoint identity_agent Affected: 0 , < R81.070.0000 (custom)
        cpe:2.3:a:checkpoint:identity_agent:-:*:*:*:*:*:*:*
    Create a notification for this product.
    checkpoint zonealarm_extreme_security Affected: 0 , < 4.2.7 (custom)
        cpe:2.3:a:checkpoint:zonealarm_extreme_security:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:checkpoint:identity_agent:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "identity_agent",
                "vendor": "checkpoint",
                "versions": [
                  {
                    "lessThan": "R81.070.0000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:checkpoint:zonealarm_extreme_security:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "zonealarm_extreme_security",
                "vendor": "checkpoint",
                "versions": [
                  {
                    "lessThan": "4.2.7",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-24910",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-25T19:46:15.022279Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:43:02.280Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:36:20.218Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.checkpoint.com/results/sk/sk182219"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZoneAlarmExtremeSecurityNextGen,IdentityAgentforWindows,IdentityAgentforWindowsTerminalServer",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "ZoneAlarmExtremeSecurityNextGen-versionslowerthan4.2.7,IdentityAgentforWindows-versionslowerthanR81.070.0000,IdentityAgentforWindowsTerminalServer-versionslowerthanR81.070.0000"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A local attacker can erscalate privileges on affected Check Point ZoneAlarm ExtremeSecurity NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732:IncorrectPermissionAssignmentforCriticalResource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-29T12:30:45.141Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk182219"
            }
          ],
          "title": "LocalprivilegeescalationinCheckPointZoneAlarmExtremeSecurityNextGen,IdentityAgentforWindows,andIdentityAgentforWindowsTerminalServerviacraftedDLLfile"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2024-24910",
        "datePublished": "2024-04-18T17:35:42.688Z",
        "dateReserved": "2024-02-01T15:19:26.278Z",
        "dateUpdated": "2025-09-29T12:30:45.141Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28134 (GCVE-0-2023-28134)

    Vulnerability from cvelistv5 – Published: 2023-11-12 22:36 – Updated: 2024-09-03 18:31
    VLAI
    Title
    Local Privliege Escalation in Check Point Endpoint Security Remediation Service
    Summary
    Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Harmony Endpoint. Affected: E84.x (EOL), E85.x (EOL), E86.x, E87.x before E81.10
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:30:24.303Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.checkpoint.com/results/sk/sk181597"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28134",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-03T18:29:08.779971Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-03T18:31:14.621Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Harmony Endpoint.",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "E84.x (EOL), E85.x (EOL), E86.x, E87.x before E81.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-12T22:36:19.549Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk181597"
            }
          ],
          "title": "Local Privliege Escalation in Check Point Endpoint Security Remediation Service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2023-28134",
        "datePublished": "2023-11-12T22:36:19.549Z",
        "dateReserved": "2023-03-10T21:20:19.555Z",
        "dateUpdated": "2024-09-03T18:31:14.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28130 (GCVE-0-2023-28130)

    Vulnerability from cvelistv5 – Published: 2023-07-26 10:57 – Updated: 2025-02-13 16:45
    VLAI
    Summary
    Local user may lead to privilege escalation using Gaia Portal hostnames page.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    n/a Quantum Appliances, Quantum Security Gateways Affected: R81.20 before take 14, R81.10 before take 95, R81 before take 82 R80.40 before take 198
    checkpoint gaia_portal Affected: 0 , < take14 (custom)
    Affected: r81.10 , < take82 (custom)
    Affected: r80.40 , < take198 (custom)
        cpe:2.3:a:checkpoint:gaia_portal:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:30:24.147Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.checkpoint.com/results/sk/sk181311"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pentests.nl/pentest-blog/cve-2023-28130-command-injection-in-check-point-gaia-portal/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Jul/43"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Aug/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/173918/Checkpoint-Gaia-Portal-R81.10-Remote-Command-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:checkpoint:gaia_portal:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gaia_portal",
                "vendor": "checkpoint",
                "versions": [
                  {
                    "lessThan": "take14",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "take82",
                    "status": "affected",
                    "version": "r81.10",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "take198",
                    "status": "affected",
                    "version": "r80.40",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28130",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-23T03:55:42.786958Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-23T14:37:14.961Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Quantum Appliances, Quantum Security Gateways",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "R81.20 before take 14, R81.10 before take 95, R81 before take 82 R80.40 before take 198"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local user may lead to privilege escalation using Gaia Portal hostnames page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-02T11:06:16.396Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk181311"
            },
            {
              "url": "https://pentests.nl/pentest-blog/cve-2023-28130-command-injection-in-check-point-gaia-portal/"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2023/Jul/43"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2023/Aug/4"
            },
            {
              "url": "http://packetstormsecurity.com/files/173918/Checkpoint-Gaia-Portal-R81.10-Remote-Command-Execution.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2023-28130",
        "datePublished": "2023-07-26T10:57:02.708Z",
        "dateReserved": "2023-03-10T21:20:19.555Z",
        "dateUpdated": "2025-02-13T16:45:40.198Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28133 (GCVE-0-2023-28133)

    Vulnerability from cvelistv5 – Published: 2023-07-23 09:07 – Updated: 2024-10-24 15:52
    VLAI
    Summary
    Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Harmony Endpoint. Affected: E87.x before E81.31
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:30:24.289Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.checkpoint.com/results/sk/sk181276"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28133",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T15:52:41.369872Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T15:52:50.368Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Harmony Endpoint.",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "E87.x before E81.31"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-23T11:16:41.704Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk181276"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2023-28133",
        "datePublished": "2023-07-23T09:07:35.383Z",
        "dateReserved": "2023-03-10T21:20:19.555Z",
        "dateUpdated": "2024-10-24T15:52:50.368Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28131 (GCVE-0-2023-28131)

    Vulnerability from cvelistv5 – Published: 2023-04-24 00:00 – Updated: 2025-02-04 16:33
    VLAI
    Summary
    A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • The use of AuthSession modules’s useProxy in Expo below SDK 48 may allow OAuth hijacking, which leads to credentials theft and Account Takeover.
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Expo.io Expo AuthSession module Affected: All versions prior to SDK 48.* (Affected SDK 45.*, 46.* and 47.*)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:30:24.407Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.expo.dev/security-advisory-for-developers-using-authsessions-useproxy-options-and-auth-expo-io-e470fe9346df"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.darkreading.com/endpoint/oauth-flaw-in-expo-platform-affects-hundreds-of-third-party-sites-apps"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28131",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T16:33:49.057475Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-522",
                    "description": "CWE-522 Insufficiently Protected Credentials",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-04T16:33:56.283Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Expo AuthSession module",
              "vendor": "Expo.io",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to SDK 48.* (Affected SDK 45.*, 46.* and 47.*)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the \"Expo AuthSession Redirect Proxy\" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "The use of AuthSession modules\u2019s useProxy in Expo below SDK 48 may allow OAuth hijacking, which leads to credentials theft and Account Takeover.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-25T00:00:00.000Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://blog.expo.dev/security-advisory-for-developers-using-authsessions-useproxy-options-and-auth-expo-io-e470fe9346df"
            },
            {
              "url": "https://www.darkreading.com/endpoint/oauth-flaw-in-expo-platform-affects-hundreds-of-third-party-sites-apps"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2023-28131",
        "datePublished": "2023-04-24T00:00:00.000Z",
        "dateReserved": "2023-03-10T00:00:00.000Z",
        "dateUpdated": "2025-02-04T16:33:56.283Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23746 (GCVE-0-2022-23746)

    Vulnerability from cvelistv5 – Published: 2022-11-30 00:00 – Updated: 2025-04-25 14:31
    VLAI
    Summary
    The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    Impacted products
    Vendor Product Version
    n/a Gateway & Management, IPsec VPN blade SNX portal. Affected: R81.10 before take 79, R81 before take 77, R80.40 before take 180, R80.30 before take 255, R80.20 before 230
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:45.988Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk180271"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-23746",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-25T14:31:35.502955Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-25T14:31:53.350Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gateway \u0026 Management, IPsec VPN blade SNX portal.",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "R81.10 before take 79, R81 before take 77, R80.40 before take 180, R80.30 before take 255, R80.20 before 230"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-01T00:00:00.000Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk180271"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2022-23746",
        "datePublished": "2022-11-30T00:00:00.000Z",
        "dateReserved": "2022-01-19T00:00:00.000Z",
        "dateUpdated": "2025-04-25T14:31:53.350Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }