Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    377 vulnerabilities by checkpoint

    CVE-2026-10847 (GCVE-0-2026-10847)

    Vulnerability from nvd – Published: 2026-06-11 13:52 – Updated: 2026-06-11 14:20
    VLAI
    Title
    Local Privilege Escalation vulnerability in Check Point Identity Agent Full for Windows OS
    Summary
    A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process. Successful exploitation could allow an attacker to gain elevated privileges on the affected Windows endpoint.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Identity Agent Affected: Versions prior to 81.087.0000
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10847",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-11T14:19:16.357809Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-11T14:20:43.159Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Identity Agent",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to 81.087.0000"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process. Successful exploitation could allow an attacker to gain elevated privileges on the affected Windows endpoint."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T13:52:11.651Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "name": "Check Point Security Advisory for CVE-2026-10847",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.checkpoint.com/results/sk/sk185052"
            }
          ],
          "title": "Local Privilege Escalation vulnerability in Check Point Identity Agent Full for Windows OS"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-10847",
        "datePublished": "2026-06-11T13:52:11.651Z",
        "dateReserved": "2026-06-04T12:13:32.828Z",
        "dateUpdated": "2026-06-11T14:20:43.159Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50752 (GCVE-0-2026-50752)

    Vulnerability from nvd – Published: 2026-06-08 11:00 – Updated: 2026-06-10 13:36
    VLAI
    Title
    Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1
    Summary
    A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation.
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Quantum Security Gateway Affected: R82.10 with Jumbo Hotfix Take 19 or below
    Affected: R82 with Jumbo Hotfix Take 103 or below
    Affected: R81.20 with Jumbo Hotfix Take 141 or below
    Affected: R81.10, R81, and R80.40
    Create a notification for this product.
    checkpoint Spark Firewalls Affected: R80.20.X, R81.10.X, and R82.00.X
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50752",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T03:55:37.901004Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T13:36:24.946Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Quantum Security Gateway",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R82.10 with Jumbo Hotfix Take 19 or below"
                },
                {
                  "status": "affected",
                  "version": "R82 with Jumbo Hotfix Take 103 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.20 with Jumbo Hotfix Take 141 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.10, R81, and R80.40"
                }
              ]
            },
            {
              "product": "Spark Firewalls",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R80.20.X, R81.10.X, and R82.00.X"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295: Improper Certificate Validation.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T11:00:38.563Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk185035"
            }
          ],
          "title": "Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-50752",
        "datePublished": "2026-06-08T11:00:38.563Z",
        "dateReserved": "2026-06-07T09:42:08.252Z",
        "dateUpdated": "2026-06-10T13:36:24.946Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48136 (GCVE-0-2026-48136)

    Vulnerability from nvd – Published: 2026-05-26 12:57 – Updated: 2026-06-02 14:17
    VLAI
    Title
    Authenticated Administrator Role-Based Access Control Bypass in Compliance
    Summary
    When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permissions, bypassing Role-Based Access Control (RBAC).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Quantum Security Management Affected: R82.10 with Jumbo Hotfix Take 6 or below
    Affected: R82 with Jumbo Hotfix Take 91 or below
    Affected: R81.20 with Jumbo Hotfix Take 127 or below
    Affected: All releases from R81.10 and below
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48136",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T18:41:27.298316Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T14:17:00.827Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Quantum Security Management",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R82.10 with Jumbo Hotfix Take 6 or below"
                },
                {
                  "status": "affected",
                  "version": "R82 with Jumbo Hotfix Take 91 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.20 with Jumbo Hotfix Take 127 or below"
                },
                {
                  "status": "affected",
                  "version": "All releases from R81.10 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permissions, bypassing Role-Based Access Control (RBAC)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T14:16:34.470Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184992"
            }
          ],
          "title": "Authenticated Administrator Role-Based Access Control Bypass in Compliance"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-48136",
        "datePublished": "2026-05-26T12:57:29.298Z",
        "dateReserved": "2026-05-20T19:29:00.635Z",
        "dateUpdated": "2026-06-02T14:17:00.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48135 (GCVE-0-2026-48135)

    Vulnerability from nvd – Published: 2026-05-26 12:57 – Updated: 2026-05-27 18:36
    VLAI
    Title
    HTTP service can incorrectly process malformed HTTP requests
    Summary
    A Check Point HTTP-based service can incorrectly handle malformed HTTP requests. The issue is related to HTTP request parsing and validation.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Quantum Security Gateway Affected: R82.10 with Jumbo Hotfix Take 6 or below
    Affected: R82 with Jumbo Hotfix Take 91 or below
    Affected: R81.20 with Jumbo Hotfix Take 127 or below
    Affected: All releases from R81.10 and below
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48135",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T14:48:38.051261Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T18:36:10.600Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Quantum Security Gateway",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R82.10 with Jumbo Hotfix Take 6 or below"
                },
                {
                  "status": "affected",
                  "version": "R82 with Jumbo Hotfix Take 91 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.20 with Jumbo Hotfix Take 127 or below"
                },
                {
                  "status": "affected",
                  "version": "All releases from R81.10 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Check Point HTTP-based service can incorrectly handle malformed HTTP requests.\nThe issue is related to HTTP request parsing and validation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T14:16:28.067Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184991"
            }
          ],
          "title": "HTTP service can incorrectly process malformed HTTP requests"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-48135",
        "datePublished": "2026-05-26T12:57:19.074Z",
        "dateReserved": "2026-05-20T19:29:00.635Z",
        "dateUpdated": "2026-05-27T18:36:10.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48134 (GCVE-0-2026-48134)

    Vulnerability from nvd – Published: 2026-05-26 12:57 – Updated: 2026-06-02 14:15
    VLAI
    Title
    SQL injection issue in UserCheck Portal when DLP Software Blade is active
    Summary
    When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to disruptions such as loss of stored incident entries, incorrect handling of pending approvals, or resource impact if the issue is abused repeatedly. Exposure is reduced if the UserCheck Portal is not accessible from untrusted networks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Quantum Security Gateway Affected: R82.10 with Jumbo Hotfix Take 6 or below
    Affected: R82 with Jumbo Hotfix Take 91 or below
    Affected: R81.20 with Jumbo Hotfix Take 127 or below
    Affected: All releases from R81.10 and below
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48134",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T14:15:04.599414Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T14:15:31.285Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Quantum Security Gateway",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R82.10 with Jumbo Hotfix Take 6 or below"
                },
                {
                  "status": "affected",
                  "version": "R82 with Jumbo Hotfix Take 91 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.20 with Jumbo Hotfix Take 127 or below"
                },
                {
                  "status": "affected",
                  "version": "All releases from R81.10 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway\u0027s stored DLP/UserCheck incident information. This could lead to disruptions such as loss of stored incident entries, incorrect handling of pending approvals, or resource impact if the issue is abused repeatedly.\nExposure is reduced if the UserCheck Portal is not accessible from untrusted networks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T14:16:21.332Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184983"
            }
          ],
          "title": "SQL injection issue in UserCheck Portal when DLP Software Blade is active"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-48134",
        "datePublished": "2026-05-26T12:57:07.767Z",
        "dateReserved": "2026-05-20T19:29:00.635Z",
        "dateUpdated": "2026-06-02T14:15:31.285Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48133 (GCVE-0-2026-48133)

    Vulnerability from nvd – Published: 2026-05-26 12:56 – Updated: 2026-06-02 14:14
    VLAI
    Title
    Identity Awareness Captive Portal - Unauthenticated Local File Inclusion
    Summary
    When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Quantum Security Gateway Affected: R82.10 with Jumbo Hotfix Take 6 or below
    Affected: R82 with Jumbo Hotfix Take 91 or below
    Affected: R81.20 with Jumbo Hotfix Take 127 or below
    Affected: All releases from R81.10 and below
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48133",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T14:14:15.264635Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T14:14:24.478Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Quantum Security Gateway",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R82.10 with Jumbo Hotfix Take 6 or below"
                },
                {
                  "status": "affected",
                  "version": "R82 with Jumbo Hotfix Take 91 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.20 with Jumbo Hotfix Take 127 or below"
                },
                {
                  "status": "affected",
                  "version": "All releases from R81.10 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-98",
                  "description": "CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T14:16:14.984Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184993"
            }
          ],
          "title": "Identity Awareness Captive Portal - Unauthenticated Local File Inclusion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-48133",
        "datePublished": "2026-05-26T12:56:56.250Z",
        "dateReserved": "2026-05-20T19:29:00.635Z",
        "dateUpdated": "2026-06-02T14:14:24.478Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48132 (GCVE-0-2026-48132)

    Vulnerability from nvd – Published: 2026-05-26 12:56 – Updated: 2026-06-02 14:09
    VLAI
    Title
    VPN service may restart unexpectedly when processing IKE traffic over NAT-T 4500/UDP
    Summary
    The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service (temporary interruption of VPN negotiations/traffic).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Quantum Security Gateway Affected: R82.10 with Jumbo Hotfix Take 6 or below
    Affected: R82 with Jumbo Hotfix Take 91 or below
    Affected: R81.20 with Jumbo Hotfix Take 127 or below
    Affected: All releases from R81.10 and below
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48132",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T14:09:04.979541Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T14:09:19.968Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Quantum Security Gateway",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R82.10 with Jumbo Hotfix Take 6 or below"
                },
                {
                  "status": "affected",
                  "version": "R82 with Jumbo Hotfix Take 91 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.20 with Jumbo Hotfix Take 127 or below"
                },
                {
                  "status": "affected",
                  "version": "All releases from R81.10 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service (temporary interruption of VPN negotiations/traffic)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T14:16:07.343Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184982"
            }
          ],
          "title": "VPN service may restart unexpectedly when processing IKE traffic over NAT-T 4500/UDP"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-48132",
        "datePublished": "2026-05-26T12:56:47.693Z",
        "dateReserved": "2026-05-20T19:29:00.635Z",
        "dateUpdated": "2026-06-02T14:09:19.968Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48131 (GCVE-0-2026-48131)

    Vulnerability from nvd – Published: 2026-05-26 12:56 – Updated: 2026-05-26 15:18
    VLAI
    Title
    VPND IKE Fragment Reassembly - Heap Out-of-Bounds Write via Sequence Number Zero
    Summary
    The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service (temporary disruption of VPN-related functionality).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Quantum Security Gateway Affected: R82.10 with Jumbo Hotfix Take 6 or below
    Affected: R82 with Jumbo Hotfix Take 91 or below
    Affected: R81.20 with Jumbo Hotfix Take 127 or below
    Affected: All releases from R81.10 and below
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48131",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T15:12:47.698813Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T15:18:43.287Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Quantum Security Gateway",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R82.10 with Jumbo Hotfix Take 6 or below"
                },
                {
                  "status": "affected",
                  "version": "R82 with Jumbo Hotfix Take 91 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.20 with Jumbo Hotfix Take 127 or below"
                },
                {
                  "status": "affected",
                  "version": "All releases from R81.10 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service (temporary disruption of VPN-related functionality)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T14:15:50.325Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184981"
            }
          ],
          "title": "VPND IKE Fragment Reassembly - Heap Out-of-Bounds Write via Sequence Number Zero"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-48131",
        "datePublished": "2026-05-26T12:56:08.817Z",
        "dateReserved": "2026-05-20T19:29:00.635Z",
        "dateUpdated": "2026-05-26T15:18:43.287Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9142 (GCVE-0-2025-9142)

    Vulnerability from nvd – Published: 2026-01-14 14:30 – Updated: 2026-01-14 14:50
    VLAI
    Title
    Local privilege escalation in Harmony SASE Windows Agent
    Summary
    A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Hramony SASE Affected: Check Point Harmony SASE Windows Agent versions prior to 12.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9142",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-14T14:49:40.165312Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-14T14:50:03.652Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Hramony SASE",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Check Point Harmony SASE Windows Agent versions prior to 12.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027).",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T14:30:48.630Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184557"
            }
          ],
          "title": "Local privilege escalation in Harmony SASE Windows Agent"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2025-9142",
        "datePublished": "2026-01-14T14:30:48.630Z",
        "dateReserved": "2025-08-19T07:06:49.638Z",
        "dateUpdated": "2026-01-14T14:50:03.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8305 (GCVE-0-2025-8305)

    Vulnerability from nvd – Published: 2025-12-22 07:58 – Updated: 2025-12-22 13:55
    VLAI
    Title
    Information Disclosure in Identity Agent Debug Files
    Summary
    An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being printed in plaintext in Identity Agent for Terminal Services debug files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Identity Awareness Affected: Check Point Identity Agent Multi User Host Agent under version 81.084.0000
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8305",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-22T13:55:20.829952Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-22T13:55:37.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Identity Awareness",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Check Point Identity Agent Multi User Host Agent under version 81.084.0000"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being printed in plaintext in Identity Agent for Terminal Services debug files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-22T07:58:06.768Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184264"
            }
          ],
          "title": "Information Disclosure in Identity Agent Debug Files"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2025-8305",
        "datePublished": "2025-12-22T07:58:06.768Z",
        "dateReserved": "2025-07-29T10:29:12.712Z",
        "dateUpdated": "2025-12-22T13:55:37.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8304 (GCVE-0-2025-8304)

    Vulnerability from nvd – Published: 2025-12-22 07:57 – Updated: 2025-12-22 17:05
    VLAI
    Title
    Information Disclosure in Identity Agent Registry Keys
    Summary
    An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Identity Agent Affected: Check Point Identity Agent Multi User Host Agent under version 81.084.0000
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8304",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-22T17:05:23.947183Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-22T17:05:37.189Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Identity Agent",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Check Point Identity Agent Multi User Host Agent under version 81.084.0000"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-22T07:57:50.103Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184263"
            }
          ],
          "title": "Information Disclosure in Identity Agent Registry Keys"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2025-8304",
        "datePublished": "2025-12-22T07:57:50.103Z",
        "dateReserved": "2025-07-29T10:29:06.543Z",
        "dateUpdated": "2025-12-22T17:05:37.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-3831 (GCVE-0-2025-3831)

    Vulnerability from nvd – Published: 2025-08-12 14:48 – Updated: 2025-08-12 15:02
    VLAI
    Title
    Exposed SFTP server
    Summary
    Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.
    • CWE-798 - Use of Hard-coded Credentials.
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3831",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T15:01:45.427366Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T15:02:44.904Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Check Point Harmony SASE",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Other"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor.",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798: Use of Hard-coded Credentials.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-12T14:48:26.195Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk183761"
            }
          ],
          "title": "Exposed SFTP server"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2025-3831",
        "datePublished": "2025-08-12T14:48:26.195Z",
        "dateReserved": "2025-04-20T09:55:50.263Z",
        "dateUpdated": "2025-08-12T15:02:44.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2028 (GCVE-0-2025-2028)

    Vulnerability from nvd – Published: 2025-08-06 14:44 – Updated: 2025-08-06 15:05
    VLAI
    Title
    Lack of TLS validation
    Summary
    Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation.
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Check Point Management Log Server Affected: versions R81.10, R81.20, R82
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2028",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-06T15:05:10.377561Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-06T15:05:22.411Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Check Point Management Log Server",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions R81.10, R81.20, R82"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295: Improper Certificate Validation.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-06T14:44:31.807Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk183349"
            }
          ],
          "title": "Lack of TLS validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2025-2028",
        "datePublished": "2025-08-06T14:44:31.807Z",
        "dateReserved": "2025-03-06T08:12:54.608Z",
        "dateUpdated": "2025-08-06T15:05:22.411Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-24915 (GCVE-0-2024-24915)

    Vulnerability from nvd – Published: 2025-06-29 12:02 – Updated: 2025-06-30 13:32
    VLAI
    Title
    SmartConsole Sensitive Credential Exposure via Memory Dump
    Summary
    Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-316 - The product stores sensitive information in cleartext in memory.
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Check Point SmartConsole Affected: Check Point SmartConsole versions R81.10, R81.20, R82
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-24915",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T13:14:08.984786Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T13:32:15.417Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Check Point SmartConsole",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Check Point SmartConsole versions R81.10, R81.20, R82"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-316",
                  "description": "The product stores sensitive information in cleartext in memory.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-29T12:02:41.126Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk183545"
            }
          ],
          "title": "SmartConsole Sensitive Credential Exposure via Memory Dump"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2024-24915",
        "datePublished": "2025-06-29T12:02:41.126Z",
        "dateReserved": "2024-02-01T15:19:26.278Z",
        "dateUpdated": "2025-06-30T13:32:15.417Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-24916 (GCVE-0-2024-24916)

    Vulnerability from nvd – Published: 2025-06-19 13:17 – Updated: 2025-06-20 13:11
    VLAI
    Title
    DLL-HiJacking
    Summary
    Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Check Point SmartConsole Affected: Check Point SmartConsole versions R81.10, R81.20
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-24916",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-20T13:06:34.598794Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-427",
                    "description": "CWE-427 Uncontrolled Search Path Element",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-20T13:11:11.641Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Check Point SmartConsole",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Check Point SmartConsole versions R81.10, R81.20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted DLLs in the installer\u0027s directory may be loaded and executed, leading to potentially arbitrary code execution with the installer\u0027s privileges (admin)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-19T13:17:39.651Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk183342"
            }
          ],
          "title": "DLL-HiJacking"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2024-24916",
        "datePublished": "2025-06-19T13:17:39.651Z",
        "dateReserved": "2024-02-01T15:19:26.278Z",
        "dateUpdated": "2025-06-20T13:11:11.641Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-10847 (GCVE-0-2026-10847)

    Vulnerability from cvelistv5 – Published: 2026-06-11 13:52 – Updated: 2026-06-11 14:20
    VLAI
    Title
    Local Privilege Escalation vulnerability in Check Point Identity Agent Full for Windows OS
    Summary
    A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process. Successful exploitation could allow an attacker to gain elevated privileges on the affected Windows endpoint.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Identity Agent Affected: Versions prior to 81.087.0000
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10847",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-11T14:19:16.357809Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-11T14:20:43.159Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Identity Agent",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to 81.087.0000"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process. Successful exploitation could allow an attacker to gain elevated privileges on the affected Windows endpoint."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T13:52:11.651Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "name": "Check Point Security Advisory for CVE-2026-10847",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.checkpoint.com/results/sk/sk185052"
            }
          ],
          "title": "Local Privilege Escalation vulnerability in Check Point Identity Agent Full for Windows OS"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-10847",
        "datePublished": "2026-06-11T13:52:11.651Z",
        "dateReserved": "2026-06-04T12:13:32.828Z",
        "dateUpdated": "2026-06-11T14:20:43.159Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50752 (GCVE-0-2026-50752)

    Vulnerability from cvelistv5 – Published: 2026-06-08 11:00 – Updated: 2026-06-10 13:36
    VLAI
    Title
    Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1
    Summary
    A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation.
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Quantum Security Gateway Affected: R82.10 with Jumbo Hotfix Take 19 or below
    Affected: R82 with Jumbo Hotfix Take 103 or below
    Affected: R81.20 with Jumbo Hotfix Take 141 or below
    Affected: R81.10, R81, and R80.40
    Create a notification for this product.
    checkpoint Spark Firewalls Affected: R80.20.X, R81.10.X, and R82.00.X
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50752",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T03:55:37.901004Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T13:36:24.946Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Quantum Security Gateway",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R82.10 with Jumbo Hotfix Take 19 or below"
                },
                {
                  "status": "affected",
                  "version": "R82 with Jumbo Hotfix Take 103 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.20 with Jumbo Hotfix Take 141 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.10, R81, and R80.40"
                }
              ]
            },
            {
              "product": "Spark Firewalls",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R80.20.X, R81.10.X, and R82.00.X"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295: Improper Certificate Validation.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T11:00:38.563Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk185035"
            }
          ],
          "title": "Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-50752",
        "datePublished": "2026-06-08T11:00:38.563Z",
        "dateReserved": "2026-06-07T09:42:08.252Z",
        "dateUpdated": "2026-06-10T13:36:24.946Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48136 (GCVE-0-2026-48136)

    Vulnerability from cvelistv5 – Published: 2026-05-26 12:57 – Updated: 2026-06-02 14:17
    VLAI
    Title
    Authenticated Administrator Role-Based Access Control Bypass in Compliance
    Summary
    When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permissions, bypassing Role-Based Access Control (RBAC).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Quantum Security Management Affected: R82.10 with Jumbo Hotfix Take 6 or below
    Affected: R82 with Jumbo Hotfix Take 91 or below
    Affected: R81.20 with Jumbo Hotfix Take 127 or below
    Affected: All releases from R81.10 and below
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48136",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T18:41:27.298316Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T14:17:00.827Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Quantum Security Management",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R82.10 with Jumbo Hotfix Take 6 or below"
                },
                {
                  "status": "affected",
                  "version": "R82 with Jumbo Hotfix Take 91 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.20 with Jumbo Hotfix Take 127 or below"
                },
                {
                  "status": "affected",
                  "version": "All releases from R81.10 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permissions, bypassing Role-Based Access Control (RBAC)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T14:16:34.470Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184992"
            }
          ],
          "title": "Authenticated Administrator Role-Based Access Control Bypass in Compliance"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-48136",
        "datePublished": "2026-05-26T12:57:29.298Z",
        "dateReserved": "2026-05-20T19:29:00.635Z",
        "dateUpdated": "2026-06-02T14:17:00.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48135 (GCVE-0-2026-48135)

    Vulnerability from cvelistv5 – Published: 2026-05-26 12:57 – Updated: 2026-05-27 18:36
    VLAI
    Title
    HTTP service can incorrectly process malformed HTTP requests
    Summary
    A Check Point HTTP-based service can incorrectly handle malformed HTTP requests. The issue is related to HTTP request parsing and validation.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Quantum Security Gateway Affected: R82.10 with Jumbo Hotfix Take 6 or below
    Affected: R82 with Jumbo Hotfix Take 91 or below
    Affected: R81.20 with Jumbo Hotfix Take 127 or below
    Affected: All releases from R81.10 and below
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48135",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T14:48:38.051261Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T18:36:10.600Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Quantum Security Gateway",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R82.10 with Jumbo Hotfix Take 6 or below"
                },
                {
                  "status": "affected",
                  "version": "R82 with Jumbo Hotfix Take 91 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.20 with Jumbo Hotfix Take 127 or below"
                },
                {
                  "status": "affected",
                  "version": "All releases from R81.10 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Check Point HTTP-based service can incorrectly handle malformed HTTP requests.\nThe issue is related to HTTP request parsing and validation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T14:16:28.067Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184991"
            }
          ],
          "title": "HTTP service can incorrectly process malformed HTTP requests"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-48135",
        "datePublished": "2026-05-26T12:57:19.074Z",
        "dateReserved": "2026-05-20T19:29:00.635Z",
        "dateUpdated": "2026-05-27T18:36:10.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48134 (GCVE-0-2026-48134)

    Vulnerability from cvelistv5 – Published: 2026-05-26 12:57 – Updated: 2026-06-02 14:15
    VLAI
    Title
    SQL injection issue in UserCheck Portal when DLP Software Blade is active
    Summary
    When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to disruptions such as loss of stored incident entries, incorrect handling of pending approvals, or resource impact if the issue is abused repeatedly. Exposure is reduced if the UserCheck Portal is not accessible from untrusted networks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Quantum Security Gateway Affected: R82.10 with Jumbo Hotfix Take 6 or below
    Affected: R82 with Jumbo Hotfix Take 91 or below
    Affected: R81.20 with Jumbo Hotfix Take 127 or below
    Affected: All releases from R81.10 and below
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48134",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T14:15:04.599414Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T14:15:31.285Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Quantum Security Gateway",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R82.10 with Jumbo Hotfix Take 6 or below"
                },
                {
                  "status": "affected",
                  "version": "R82 with Jumbo Hotfix Take 91 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.20 with Jumbo Hotfix Take 127 or below"
                },
                {
                  "status": "affected",
                  "version": "All releases from R81.10 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway\u0027s stored DLP/UserCheck incident information. This could lead to disruptions such as loss of stored incident entries, incorrect handling of pending approvals, or resource impact if the issue is abused repeatedly.\nExposure is reduced if the UserCheck Portal is not accessible from untrusted networks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T14:16:21.332Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184983"
            }
          ],
          "title": "SQL injection issue in UserCheck Portal when DLP Software Blade is active"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-48134",
        "datePublished": "2026-05-26T12:57:07.767Z",
        "dateReserved": "2026-05-20T19:29:00.635Z",
        "dateUpdated": "2026-06-02T14:15:31.285Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48133 (GCVE-0-2026-48133)

    Vulnerability from cvelistv5 – Published: 2026-05-26 12:56 – Updated: 2026-06-02 14:14
    VLAI
    Title
    Identity Awareness Captive Portal - Unauthenticated Local File Inclusion
    Summary
    When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Quantum Security Gateway Affected: R82.10 with Jumbo Hotfix Take 6 or below
    Affected: R82 with Jumbo Hotfix Take 91 or below
    Affected: R81.20 with Jumbo Hotfix Take 127 or below
    Affected: All releases from R81.10 and below
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48133",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T14:14:15.264635Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T14:14:24.478Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Quantum Security Gateway",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R82.10 with Jumbo Hotfix Take 6 or below"
                },
                {
                  "status": "affected",
                  "version": "R82 with Jumbo Hotfix Take 91 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.20 with Jumbo Hotfix Take 127 or below"
                },
                {
                  "status": "affected",
                  "version": "All releases from R81.10 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-98",
                  "description": "CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T14:16:14.984Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184993"
            }
          ],
          "title": "Identity Awareness Captive Portal - Unauthenticated Local File Inclusion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-48133",
        "datePublished": "2026-05-26T12:56:56.250Z",
        "dateReserved": "2026-05-20T19:29:00.635Z",
        "dateUpdated": "2026-06-02T14:14:24.478Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48132 (GCVE-0-2026-48132)

    Vulnerability from cvelistv5 – Published: 2026-05-26 12:56 – Updated: 2026-06-02 14:09
    VLAI
    Title
    VPN service may restart unexpectedly when processing IKE traffic over NAT-T 4500/UDP
    Summary
    The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service (temporary interruption of VPN negotiations/traffic).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Quantum Security Gateway Affected: R82.10 with Jumbo Hotfix Take 6 or below
    Affected: R82 with Jumbo Hotfix Take 91 or below
    Affected: R81.20 with Jumbo Hotfix Take 127 or below
    Affected: All releases from R81.10 and below
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48132",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T14:09:04.979541Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T14:09:19.968Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Quantum Security Gateway",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R82.10 with Jumbo Hotfix Take 6 or below"
                },
                {
                  "status": "affected",
                  "version": "R82 with Jumbo Hotfix Take 91 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.20 with Jumbo Hotfix Take 127 or below"
                },
                {
                  "status": "affected",
                  "version": "All releases from R81.10 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service (temporary interruption of VPN negotiations/traffic)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T14:16:07.343Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184982"
            }
          ],
          "title": "VPN service may restart unexpectedly when processing IKE traffic over NAT-T 4500/UDP"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-48132",
        "datePublished": "2026-05-26T12:56:47.693Z",
        "dateReserved": "2026-05-20T19:29:00.635Z",
        "dateUpdated": "2026-06-02T14:09:19.968Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48131 (GCVE-0-2026-48131)

    Vulnerability from cvelistv5 – Published: 2026-05-26 12:56 – Updated: 2026-05-26 15:18
    VLAI
    Title
    VPND IKE Fragment Reassembly - Heap Out-of-Bounds Write via Sequence Number Zero
    Summary
    The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service (temporary disruption of VPN-related functionality).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Quantum Security Gateway Affected: R82.10 with Jumbo Hotfix Take 6 or below
    Affected: R82 with Jumbo Hotfix Take 91 or below
    Affected: R81.20 with Jumbo Hotfix Take 127 or below
    Affected: All releases from R81.10 and below
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48131",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T15:12:47.698813Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T15:18:43.287Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Quantum Security Gateway",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "R82.10 with Jumbo Hotfix Take 6 or below"
                },
                {
                  "status": "affected",
                  "version": "R82 with Jumbo Hotfix Take 91 or below"
                },
                {
                  "status": "affected",
                  "version": "R81.20 with Jumbo Hotfix Take 127 or below"
                },
                {
                  "status": "affected",
                  "version": "All releases from R81.10 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service (temporary disruption of VPN-related functionality)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T14:15:50.325Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184981"
            }
          ],
          "title": "VPND IKE Fragment Reassembly - Heap Out-of-Bounds Write via Sequence Number Zero"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2026-48131",
        "datePublished": "2026-05-26T12:56:08.817Z",
        "dateReserved": "2026-05-20T19:29:00.635Z",
        "dateUpdated": "2026-05-26T15:18:43.287Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9142 (GCVE-0-2025-9142)

    Vulnerability from cvelistv5 – Published: 2026-01-14 14:30 – Updated: 2026-01-14 14:50
    VLAI
    Title
    Local privilege escalation in Harmony SASE Windows Agent
    Summary
    A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Hramony SASE Affected: Check Point Harmony SASE Windows Agent versions prior to 12.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9142",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-14T14:49:40.165312Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-14T14:50:03.652Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Hramony SASE",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Check Point Harmony SASE Windows Agent versions prior to 12.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027).",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T14:30:48.630Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184557"
            }
          ],
          "title": "Local privilege escalation in Harmony SASE Windows Agent"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2025-9142",
        "datePublished": "2026-01-14T14:30:48.630Z",
        "dateReserved": "2025-08-19T07:06:49.638Z",
        "dateUpdated": "2026-01-14T14:50:03.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8305 (GCVE-0-2025-8305)

    Vulnerability from cvelistv5 – Published: 2025-12-22 07:58 – Updated: 2025-12-22 13:55
    VLAI
    Title
    Information Disclosure in Identity Agent Debug Files
    Summary
    An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being printed in plaintext in Identity Agent for Terminal Services debug files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Identity Awareness Affected: Check Point Identity Agent Multi User Host Agent under version 81.084.0000
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8305",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-22T13:55:20.829952Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-22T13:55:37.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Identity Awareness",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Check Point Identity Agent Multi User Host Agent under version 81.084.0000"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being printed in plaintext in Identity Agent for Terminal Services debug files."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-22T07:58:06.768Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184264"
            }
          ],
          "title": "Information Disclosure in Identity Agent Debug Files"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2025-8305",
        "datePublished": "2025-12-22T07:58:06.768Z",
        "dateReserved": "2025-07-29T10:29:12.712Z",
        "dateUpdated": "2025-12-22T13:55:37.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8304 (GCVE-0-2025-8304)

    Vulnerability from cvelistv5 – Published: 2025-12-22 07:57 – Updated: 2025-12-22 17:05
    VLAI
    Title
    Information Disclosure in Identity Agent Registry Keys
    Summary
    An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Identity Agent Affected: Check Point Identity Agent Multi User Host Agent under version 81.084.0000
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8304",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-22T17:05:23.947183Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-22T17:05:37.189Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Identity Agent",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Check Point Identity Agent Multi User Host Agent under version 81.084.0000"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-22T07:57:50.103Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk184263"
            }
          ],
          "title": "Information Disclosure in Identity Agent Registry Keys"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2025-8304",
        "datePublished": "2025-12-22T07:57:50.103Z",
        "dateReserved": "2025-07-29T10:29:06.543Z",
        "dateUpdated": "2025-12-22T17:05:37.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-3831 (GCVE-0-2025-3831)

    Vulnerability from cvelistv5 – Published: 2025-08-12 14:48 – Updated: 2025-08-12 15:02
    VLAI
    Title
    Exposed SFTP server
    Summary
    Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.
    • CWE-798 - Use of Hard-coded Credentials.
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3831",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T15:01:45.427366Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T15:02:44.904Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Check Point Harmony SASE",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Other"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor.",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798: Use of Hard-coded Credentials.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-12T14:48:26.195Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk183761"
            }
          ],
          "title": "Exposed SFTP server"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2025-3831",
        "datePublished": "2025-08-12T14:48:26.195Z",
        "dateReserved": "2025-04-20T09:55:50.263Z",
        "dateUpdated": "2025-08-12T15:02:44.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2028 (GCVE-0-2025-2028)

    Vulnerability from cvelistv5 – Published: 2025-08-06 14:44 – Updated: 2025-08-06 15:05
    VLAI
    Title
    Lack of TLS validation
    Summary
    Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation.
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Check Point Management Log Server Affected: versions R81.10, R81.20, R82
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2028",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-06T15:05:10.377561Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-06T15:05:22.411Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Check Point Management Log Server",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions R81.10, R81.20, R82"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295: Improper Certificate Validation.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-06T14:44:31.807Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk183349"
            }
          ],
          "title": "Lack of TLS validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2025-2028",
        "datePublished": "2025-08-06T14:44:31.807Z",
        "dateReserved": "2025-03-06T08:12:54.608Z",
        "dateUpdated": "2025-08-06T15:05:22.411Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-24915 (GCVE-0-2024-24915)

    Vulnerability from cvelistv5 – Published: 2025-06-29 12:02 – Updated: 2025-06-30 13:32
    VLAI
    Title
    SmartConsole Sensitive Credential Exposure via Memory Dump
    Summary
    Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-316 - The product stores sensitive information in cleartext in memory.
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Check Point SmartConsole Affected: Check Point SmartConsole versions R81.10, R81.20, R82
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-24915",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T13:14:08.984786Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T13:32:15.417Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Check Point SmartConsole",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Check Point SmartConsole versions R81.10, R81.20, R82"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-316",
                  "description": "The product stores sensitive information in cleartext in memory.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-29T12:02:41.126Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk183545"
            }
          ],
          "title": "SmartConsole Sensitive Credential Exposure via Memory Dump"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2024-24915",
        "datePublished": "2025-06-29T12:02:41.126Z",
        "dateReserved": "2024-02-01T15:19:26.278Z",
        "dateUpdated": "2025-06-30T13:32:15.417Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-24916 (GCVE-0-2024-24916)

    Vulnerability from cvelistv5 – Published: 2025-06-19 13:17 – Updated: 2025-06-20 13:11
    VLAI
    Title
    DLL-HiJacking
    Summary
    Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    checkpoint Check Point SmartConsole Affected: Check Point SmartConsole versions R81.10, R81.20
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-24916",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-20T13:06:34.598794Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-427",
                    "description": "CWE-427 Uncontrolled Search Path Element",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-20T13:11:11.641Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Check Point SmartConsole",
              "vendor": "checkpoint",
              "versions": [
                {
                  "status": "affected",
                  "version": "Check Point SmartConsole versions R81.10, R81.20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted DLLs in the installer\u0027s directory may be loaded and executed, leading to potentially arbitrary code execution with the installer\u0027s privileges (admin)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-19T13:17:39.651Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "url": "https://support.checkpoint.com/results/sk/sk183342"
            }
          ],
          "title": "DLL-HiJacking"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2024-24916",
        "datePublished": "2025-06-19T13:17:39.651Z",
        "dateReserved": "2024-02-01T15:19:26.278Z",
        "dateUpdated": "2025-06-20T13:11:11.641Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }