Vulnerabilities > Checkpoint
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-30 | CVE-2022-23746 | Improper Restriction of Excessive Authentication Attempts vulnerability in Checkpoint SSL Network Extender The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). | 7.5 |
| 2022-09-27 | CVE-2022-41604 | Improper Privilege Management vulnerability in Checkpoint Zonealarm Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. | 8.8 |
| 2022-07-07 | CVE-2022-23744 | Unspecified vulnerability in Checkpoint Endpoint Security and Harmony Endpoint Check Point Endpoint before version E86.50 failed to protect against specific registry change which allowed to disable endpoint protection by a local administrator. | 2.1 |
| 2022-05-12 | CVE-2022-23742 | Link Following vulnerability in Checkpoint Endpoint Security Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. | 4.6 |
| 2022-05-11 | CVE-2021-30361 | OS Command Injection vulnerability in Checkpoint Gaia OS and Gaia Portal The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS. | 6.9 |
| 2022-05-11 | CVE-2022-23743 | Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Zonealarm Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. | 7.8 |
| 2022-01-10 | CVE-2021-30360 | Uncontrolled Search Path Element vulnerability in Checkpoint Endpoint Security Users have access to the directory where the installation repair occurs. | 7.2 |
| 2021-10-22 | CVE-2021-30359 | Uncontrolled Search Path Element vulnerability in Checkpoint Harmony Browse and Sandblast Agent for Browsers The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. | 7.2 |
| 2021-10-19 | CVE-2021-30358 | OS Command Injection vulnerability in Checkpoint Mobile Access Portal Agent Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent. | 6.0 |
| 2021-06-08 | CVE-2021-30357 | Information Exposure Through an Error Message vulnerability in Checkpoint SSL Network Extender SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access. | 5.0 |