Vulnerabilities > Checkpoint
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-11 | CVE-2022-23743 | Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Zonealarm Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. | 7.8 |
| 2022-01-10 | CVE-2021-30360 | Uncontrolled Search Path Element vulnerability in Checkpoint Endpoint Security Users have access to the directory where the installation repair occurs. | 7.8 |
| 2021-10-22 | CVE-2021-30359 | Uncontrolled Search Path Element vulnerability in Checkpoint Harmony Browse and Sandblast Agent for Browsers The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. | 7.8 |
| 2021-10-19 | CVE-2021-30358 | OS Command Injection vulnerability in Checkpoint Mobile Access Portal Agent Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent. | 7.2 |
| 2021-06-08 | CVE-2021-30357 | Information Exposure Through an Error Message vulnerability in Checkpoint SSL Network Extender SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access. | 5.3 |
| 2021-04-22 | CVE-2021-30356 | Unspecified vulnerability in Checkpoint Identity Agent A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files. | 8.1 |
| 2021-03-25 | CVE-2021-3449 | NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. | 5.9 |
| 2021-01-20 | CVE-2020-6024 | Improper Privilege Management vulnerability in Checkpoint Smartconsole Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users. | 7.8 |
| 2020-12-03 | CVE-2020-6021 | Uncontrolled Search Path Element vulnerability in Checkpoint Endpoint Security Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. | 7.8 |
| 2020-11-05 | CVE-2020-6015 | Unspecified vulnerability in Checkpoint Endpoint Security E84.10 Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will prevent the storage of service log files in non-standard locations. | 5.5 |