Vulnerabilities > Checkpoint
|2023-07-26||CVE-2023-28130|| Command Injection vulnerability in Checkpoint Gaia Portal |
Local user may lead to privilege escalation using Gaia Portal hostnames page.
| 7.2 |
|2023-07-23||CVE-2023-28133|| Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Endpoint Security E87.30 |
Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file
| 7.8 |
|2022-11-30||CVE-2022-23746|| Improper Restriction of Excessive Authentication Attempts vulnerability in Checkpoint SSL Network Extender |
The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX).
| 7.5 |
|2022-09-27||CVE-2022-41604|| Improper Privilege Management vulnerability in Checkpoint Zonealarm |
Check Point ZoneAlarm Extreme Security before 220.127.116.1129 allows local users to escalate privileges.
| 8.8 |
|2022-07-07||CVE-2022-23744|| Unspecified vulnerability in Checkpoint Endpoint Security and Harmony Endpoint |
Check Point Endpoint before version E86.50 failed to protect against specific registry change which allowed to disable endpoint protection by a local administrator.
| 2.1 |
|2022-05-12||CVE-2022-23742|| Link Following vulnerability in Checkpoint Endpoint Security |
Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges.
| 4.6 |
|2022-05-11||CVE-2021-30361|| OS Command Injection vulnerability in Checkpoint Gaia OS and Gaia Portal |
The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.
| 6.9 |
|2022-05-11||CVE-2022-23743|| Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Zonealarm |
Check Point ZoneAlarm before version 18.104.22.16818 allows a local actor to escalate privileges during the upgrade process.
| 7.8 |
|2022-01-10||CVE-2021-30360|| Uncontrolled Search Path Element vulnerability in Checkpoint Endpoint Security |
Users have access to the directory where the installation repair occurs.
| 7.2 |
|2021-10-22||CVE-2021-30359|| Uncontrolled Search Path Element vulnerability in Checkpoint Harmony Browse and Sandblast Agent for Browsers |
The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation.
| 7.2 |