Vulnerabilities > Checkpoint

DATE CVE VULNERABILITY TITLE RISK
2022-05-12 CVE-2022-23742 Link Following vulnerability in Checkpoint Endpoint Security
Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges.
local
low complexity
checkpoint CWE-59
4.6
2022-05-11 CVE-2021-30361 OS Command Injection vulnerability in Checkpoint Gaia OS and Gaia Portal
The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.
6.9
2022-05-11 CVE-2022-23743 Unspecified vulnerability in Checkpoint Zonealarm
Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process.
local
low complexity
checkpoint
4.6
2022-01-10 CVE-2021-30360 Uncontrolled Search Path Element vulnerability in Checkpoint Endpoint Security
Users have access to the directory where the installation repair occurs.
local
low complexity
checkpoint CWE-427
7.2
2021-10-22 CVE-2021-30359 Uncontrolled Search Path Element vulnerability in Checkpoint Harmony Browse and Sandblast Agent for Browsers
The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation.
local
low complexity
checkpoint CWE-427
7.2
2021-10-19 CVE-2021-30358 OS Command Injection vulnerability in Checkpoint Mobile Access Portal Agent
Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent.
network
checkpoint CWE-78
6.0
2021-06-08 CVE-2021-30357 Information Exposure Through an Error Message vulnerability in Checkpoint SSL Network Extender
SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access.
network
low complexity
checkpoint CWE-209
5.0
2021-04-22 CVE-2021-30356 Unspecified vulnerability in Checkpoint Identity Agent
A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files.
network
low complexity
checkpoint
5.5
2021-03-25 CVE-2021-3449 NULL Pointer Dereference vulnerability in multiple products
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.
4.3
2021-01-20 CVE-2020-6024 Improper Privilege Management vulnerability in Checkpoint Smartconsole
Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users.
local
low complexity
checkpoint CWE-269
4.6