For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NCheckpoint Gaia Os
OSCheckpointr81.10r81.20r82Checkpoint Mobile Access
APPCheckpointwszystkie wersjeCheckpoint Remote Access Vpn
APPCheckpointwszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Powiązane podatności
CVE-2026-50751CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Auth Bypass w Check Point VPN — pominięcie uwierzytelnienia przez błąd IKEv1
CVE-2024-24914HIGH8.0ten sam produkt
Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Secu...
CVE-2024-52885MEDIUM5.0ten sam produkt
The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an a...
CVE-2024-24911MEDIUM5.3ten sam produkt
In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unex...
CVE-2021-30361MEDIUM6.7ten sam produkt
The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Cli...