CVSS: 8.3EPSS: 1%CPEs: 4EXPL: 2CVE-2023-28130 – Checkpoint Gaia Portal R81.10 Remote Command Execution
https://notcve.org/view.php?id=CVE-2023-28130
26 Jul 2023 — Local user may lead to privilege escalation using Gaia Portal hostnames page. Checkpoint Gaia Portal version R81.10 suffers from a remote command execution vulnerability. • https://packetstorm.news/files/id/173918 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.9EPSS: 6%CPEs: 5EXPL: 0CVE-2021-30361
https://notcve.org/view.php?id=CVE-2021-30361
11 May 2022 — The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS. Los Clientes GUI del Portal Gaia de Check Point permitían a administradores autenticados con permiso para la configuración de los Clientes GUI inyectar un comando que sería ejecutado en el Sistema Operativo Gaia • https://supportcontent.checkpoint.com/solutions?id=sk179128 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •