CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24915 – SmartConsole Sensitive Credential Exposure via Memory Dump
https://notcve.org/view.php?id=CVE-2024-24915
29 Jun 2025 — Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them. • https://support.checkpoint.com/results/sk/sk183545 • CWE-316: Cleartext Storage of Sensitive Information in Memory •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24916 – DLL-HiJacking
https://notcve.org/view.php?id=CVE-2024-24916
19 Jun 2025 — Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin). • https://support.checkpoint.com/results/sk/sk183342 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52888 – Stored-XSS
https://notcve.org/view.php?id=CVE-2024-52888
27 Apr 2025 — For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties. • https://support.checkpoint.com/results/sk/sk183055 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52887 – Self-XSS
https://notcve.org/view.php?id=CVE-2024-52887
27 Apr 2025 — Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list. • https://support.checkpoint.com/results/sk/sk183054 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24911 – Out of Bounds read in the CPCA process on Check Point Management Server
https://notcve.org/view.php?id=CVE-2024-24911
06 Feb 2025 — In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway's CRL cache. • https://support.checkpoint.com/results/sk/sk183101 • CWE-125: Out-of-bounds Read •
CVSS: 8.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-24914
https://notcve.org/view.php?id=CVE-2024-24914
07 Nov 2024 — Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available. • https://support.checkpoint.com/results/sk/sk182743 • CWE-914: Improper Control of Dynamically-Identified Variables •
CVSS: 8.6EPSS: 94%CPEs: 16EXPL: 70CVE-2024-24919 – Check Point Quantum Security Gateways Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-24919
28 May 2024 — Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available. Potencialmente, permitir que un atacante lea cierta información en Check Point Security Gateways una vez conectado a Internet y habilitado con VPN de acceso remoto o software Blades de acceso móvil. Hay disponible una solución de seguridad que mitiga esta... • https://packetstorm.news/files/id/178907 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24912 – Local privilege escalation in Harmony Endpoint Security Client for Windows via crafted DLL file
https://notcve.org/view.php?id=CVE-2024-24912
01 May 2024 — A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system. Se ha identificado una vulnerabilidad de escalada de privilegios local en Harmony Endpoint Security Client para las versiones E88.10 y anteriores de Windows. Para aprovechar esta vulnerabilidad, un atacante primero debe obtener la capacidad de ej... • https://support.checkpoint.com/results/sk/sk182244 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-24910 – Local privilege escalation in Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server via crafted DLL file
https://notcve.org/view.php?id=CVE-2024-24910
18 Apr 2024 — A local attacker can escalate privileges on affected Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system. Un atacante local puede escalar privilegios en Check Point ZoneAlarm Extreme Security NextGen, Identity Agent para Windows y Identity Agent para Windows Terminal Server afectados. Para aprovechar esta vulner... • https://support.checkpoint.com/results/sk/sk182219 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-28134 – Local Privliege Escalation in Check Point Endpoint Security Remediation Service
https://notcve.org/view.php?id=CVE-2023-28134
12 Nov 2023 — Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Un atacante local puede aumentar los privilegios en las instalaciones afectadas de Check Point Harmony Endpoint/ZoneAlarm Extreme Security. Un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema de destino p... • https://support.checkpoint.com/results/sk/sk181597 • CWE-732: Incorrect Permission Assignment for Critical Resource •