MEDIUM🇬🇧 English

CVE-2021-30361

CVSS 6.7v3.1pub. 2022-05-11upd. 2024-11-21

The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Checkpoint Gaia Os

    OS
    Checkpoint
    wszystkie wersje
  • Checkpoint Gaia Portal

    APP
    Checkpoint
    < 2022-04-13
  • Checkpoint Quantum Security Gateway

    HW
    Checkpoint
    wszystkie wersje
  • Checkpoint Quantum Security Management

    HW
    Checkpoint
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Referencje

Powiązane podatności

CVE-2026-50751CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Auth Bypass w Check Point VPN — pominięcie uwierzytelnienia przez błąd IKEv1

CVE-2024-24919HIGH8.6⚠ KEVten sam produkt

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected t...

CVE-2024-24914HIGH8.0ten sam produkt

Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Secu...

CVE-2023-28130HIGH7.2ten sam produkt

Local user may lead to privilege escalation using Gaia Portal hostnames page.

CVE-2024-52885MEDIUM5.0ten sam produkt

The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an a...

CVE-2021-30361 — MEDIUM 6.7 | CVEbaza.pl