Vulnerabilities > Checkpoint > Endpoint Security > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-12 | CVE-2023-28134 | Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Endpoint Security E84/E85/E86 Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. | 7.8 |
| 2023-07-23 | CVE-2023-28133 | Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Endpoint Security E87.30 Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file | 7.8 |
| 2022-05-12 | CVE-2022-23742 | Link Following vulnerability in Checkpoint Endpoint Security Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. | 7.8 |
| 2022-01-10 | CVE-2021-30360 | Uncontrolled Search Path Element vulnerability in Checkpoint Endpoint Security Users have access to the directory where the installation repair occurs. | 7.8 |
| 2020-12-03 | CVE-2020-6021 | Uncontrolled Search Path Element vulnerability in Checkpoint Endpoint Security Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. | 7.8 |
| 2019-08-29 | CVE-2019-8461 | Untrusted Search Path vulnerability in Checkpoint products Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. | 7.8 |
| 2019-04-29 | CVE-2019-8454 | Link Following vulnerability in Checkpoint Endpoint Security A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system. | 7.0 |
| 2019-04-22 | CVE-2019-8452 | Link Following vulnerability in Checkpoint Endpoint Security and Zonealarm A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. | 7.8 |