HIGH🇬🇧 English

CVE-2024-24914

CVSS 8.0v3.1pub. 2024-11-07upd. 2025-08-26

Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Checkpoint Clusterxl

    HW
    Checkpoint
    wszystkie wersje
  • Checkpoint Gaia Os

    OS
    Checkpoint
    r81r81.10r81.20
  • Checkpoint Multi Domain Management

    HW
    Checkpoint
    wszystkie wersje
  • Checkpoint Quantum 6700

    HW
    Checkpoint
    wszystkie wersje
  • Checkpoint Quantum Maestro

    HW
    Checkpoint
    wszystkie wersje
  • Checkpoint Quantum Scalable Chassis

    HW
    Checkpoint
    wszystkie wersje
  • Checkpoint Quantum Security Gateway

    HW
    Checkpoint
    wszystkie wersje
  • Checkpoint Quantum Security Management

    HW
    Checkpoint
    wszystkie wersje
  • Checkpoint Quantum Spark

    HW
    Checkpoint
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-50751CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Auth Bypass w Check Point VPN — pominięcie uwierzytelnienia przez błąd IKEv1

CVE-2024-24919HIGH8.6⚠ KEVten sam produkt

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected t...

CVE-2024-52885MEDIUM5.0ten sam produkt

The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an a...

CVE-2024-52888MEDIUM5.4ten sam produkt

For an authenticated end-user the portal may run a script while attempting to display a directory or some file...

CVE-2024-24911MEDIUM5.3ten sam produkt

In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unex...