Vulnerabilities > Nozominetworks > Guardian > 23.1.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-11 | CVE-2024-4465 | Incorrect Authorization vulnerability in Nozominetworks CMC and Guardian An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make limited changes to the reporting configuration. | 5.0 |
2024-01-15 | CVE-2023-5253 | Missing Authentication for Critical Function vulnerability in Nozominetworks CMC and Guardian A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge on the underlying system may be able to extract limited asset information. | 7.5 |