Vulnerabilities > Checkpoint
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-12 | CVE-2023-28134 | Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Endpoint Security E84/E85/E86 Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. | 7.8 |
| 2023-07-26 | CVE-2023-28130 | Command Injection vulnerability in Checkpoint Gaia Portal Local user may lead to privilege escalation using Gaia Portal hostnames page. | 7.2 |
| 2023-07-23 | CVE-2023-28133 | Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Endpoint Security E87.30 Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file | 7.8 |
| 2022-11-30 | CVE-2022-23746 | Improper Restriction of Excessive Authentication Attempts vulnerability in Checkpoint SSL Network Extender The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). | 7.5 |
| 2022-09-27 | CVE-2022-41604 | Improper Privilege Management vulnerability in Checkpoint Zonealarm Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. | 8.8 |
| 2022-07-07 | CVE-2022-23744 | Unspecified vulnerability in Checkpoint Endpoint Security and Harmony Endpoint Check Point Endpoint before version E86.50 failed to protect against specific registry change which allowed to disable endpoint protection by a local administrator. | 2.1 |
| 2022-05-12 | CVE-2022-23742 | Link Following vulnerability in Checkpoint Endpoint Security Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. | 7.8 |
| 2022-05-11 | CVE-2021-30361 | OS Command Injection vulnerability in Checkpoint Gaia OS and Gaia Portal The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS. | 6.9 |
| 2022-05-11 | CVE-2022-23743 | Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Zonealarm Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. | 7.8 |
| 2022-01-10 | CVE-2021-30360 | Uncontrolled Search Path Element vulnerability in Checkpoint Endpoint Security Users have access to the directory where the installation repair occurs. | 7.2 |