
CVE-2024-52888 – Stored-XSS
https://notcve.org/view.php?id=CVE-2024-52888
27 Apr 2025 — For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties. • https://support.checkpoint.com/results/sk/sk183055 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-52887 – Self-XSS
https://notcve.org/view.php?id=CVE-2024-52887
27 Apr 2025 — Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list. • https://support.checkpoint.com/results/sk/sk183054 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-24911 – Out of Bounds read in the CPCA process on Check Point Management Server
https://notcve.org/view.php?id=CVE-2024-24911
06 Feb 2025 — In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway's CRL cache. • https://support.checkpoint.com/results/sk/sk183101 • CWE-125: Out-of-bounds Read •

CVE-2024-24914
https://notcve.org/view.php?id=CVE-2024-24914
07 Nov 2024 — Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available. • https://support.checkpoint.com/results/sk/sk182743 • CWE-914: Improper Control of Dynamically-Identified Variables •

CVE-2024-24919 – Check Point Quantum Security Gateways Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-24919
28 May 2024 — Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available. • https://packetstorm.news/files/id/178907 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-24912 – Local privilege escalation in Harmony Endpoint Security Client for Windows via crafted DLL file
https://notcve.org/view.php?id=CVE-2024-24912
01 May 2024 — A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system. • https://support.checkpoint.com/results/sk/sk182244 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2024-24910 – Local privilege escalation in Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server via crafted DLL file
https://notcve.org/view.php?id=CVE-2024-24910
18 Apr 2024 — A local attacker can escalate privileges on affected Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system. • https://support.checkpoint.com/results/sk/sk182219 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2023-28134 – Local Privilege Escalation in Check Point Endpoint Security Remediation Service
https://notcve.org/view.php?id=CVE-2023-28134
12 Nov 2023 — Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://support.checkpoint.com/results/sk/sk181597 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2023-28130 – Checkpoint Gaia Portal R81.10 Remote Command Execution
https://notcve.org/view.php?id=CVE-2023-28130
26 Jul 2023 — Local user may lead to privilege escalation using Gaia Portal hostnames page. Checkpoint Gaia Portal version R81.10 suffers from a remote command execution vulnerability. • https://packetstorm.news/files/id/173918 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2023-28133
https://notcve.org/view.php?id=CVE-2023-28133
23 Jul 2023 — Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file • https://support.checkpoint.com/results/sk/sk181276 • CWE-732: Incorrect Permission Assignment for Critical Resource •