Vulnerabilities > Checkpoint > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-12 | CVE-2023-28134 | Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Endpoint Security E84/E85/E86 Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. | 7.8 |
| 2023-07-26 | CVE-2023-28130 | Command Injection vulnerability in Checkpoint Gaia Portal Local user may lead to privilege escalation using Gaia Portal hostnames page. | 7.2 |
| 2023-07-23 | CVE-2023-28133 | Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Endpoint Security E87.30 Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file | 7.8 |
| 2022-11-30 | CVE-2022-23746 | Improper Restriction of Excessive Authentication Attempts vulnerability in Checkpoint SSL Network Extender The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). | 7.5 |
| 2022-09-27 | CVE-2022-41604 | Improper Privilege Management vulnerability in Checkpoint Zonealarm Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. | 8.8 |
| 2022-05-12 | CVE-2022-23742 | Link Following vulnerability in Checkpoint Endpoint Security Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. | 7.8 |
| 2022-05-11 | CVE-2022-23743 | Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Zonealarm Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. | 7.8 |
| 2022-01-10 | CVE-2021-30360 | Uncontrolled Search Path Element vulnerability in Checkpoint Endpoint Security Users have access to the directory where the installation repair occurs. | 7.2 |
| 2021-10-22 | CVE-2021-30359 | Uncontrolled Search Path Element vulnerability in Checkpoint Harmony Browse and Sandblast Agent for Browsers The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. | 7.2 |
| 2020-08-04 | CVE-2020-6012 | Link Following vulnerability in Checkpoint Zonealarm Anti-Ransomware 1.0.0601/1.0.710 ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. | 7.4 |