Alert: Injection Vulnerability Affecting Gaia Users through Special HTTP Requests
CVE-2024-24914
8HIGH
Key Information
- Vendor
- Checkpoint
- Status
- Clusterxl, Multi-domain Security Management, Quantum Appliances, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Security Management
- Vendor
- CVE Published:
- 7 November 2024
Summary
Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available.
Affected Version(s)
ClusterXL, Multi-Domain Security Management, Quantum Appliances, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Security Management = Check Point Quantum Gateways versions R81, R81.10, R81.20
CVSS V3.1
Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database