Vulnerabilities > Nozominetworks > Guardian > 23.1.0

DATE CVE VULNERABILITY TITLE RISK
2024-09-11 CVE-2024-4465 Incorrect Authorization vulnerability in Nozominetworks CMC and Guardian
An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make limited changes to the reporting configuration.
network
high complexity
nozominetworks CWE-863
5.0
2024-01-15 CVE-2023-5253 Missing Authentication for Critical Function vulnerability in Nozominetworks CMC and Guardian
A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge on the underlying system may be able to extract limited asset information.
network
low complexity
nozominetworks CWE-306
7.5