Vulnerabilities > Checkpoint
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-28 | CVE-2024-24919 | Unspecified vulnerability in Checkpoint products Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. | 8.6 |
| 2023-11-12 | CVE-2023-28134 | Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Endpoint Security E84/E85/E86 Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. | 7.8 |
| 2023-07-26 | CVE-2023-28130 | Command Injection vulnerability in Checkpoint Gaia Portal Local user may lead to privilege escalation using Gaia Portal hostnames page. | 7.2 |
| 2023-07-23 | CVE-2023-28133 | Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Endpoint Security E87.30 Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file | 7.8 |
| 2022-11-30 | CVE-2022-23746 | Improper Restriction of Excessive Authentication Attempts vulnerability in Checkpoint SSL Network Extender The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). | 7.5 |
| 2022-09-27 | CVE-2022-41604 | Improper Privilege Management vulnerability in Checkpoint Zonealarm Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. | 8.8 |
| 2022-07-18 | CVE-2022-23745 | Out-of-bounds Write vulnerability in Checkpoint Capsule Workspace 8.0 A potential memory corruption issue was found in Capsule Workspace Android app (running on GrapheneOS). | 7.5 |
| 2022-07-07 | CVE-2022-23744 | Unspecified vulnerability in Checkpoint Endpoint Security and Harmony Endpoint Check Point Endpoint before version E86.50 failed to protect against specific registry change which allowed to disable endpoint protection by a local administrator. | 2.3 |
| 2022-05-12 | CVE-2022-23742 | Link Following vulnerability in Checkpoint Endpoint Security Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. | 7.8 |
| 2022-05-11 | CVE-2021-30361 | OS Command Injection vulnerability in Checkpoint Gaia OS and Gaia Portal The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS. | 6.7 |