Checkpoint: >> Gaia Os >> r81.20 Security Vulnerabilities
The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway.
CVSS Score
5.0
EPSS Score
0.001
Published
2025-08-06
Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list.
CVSS Score
3.5
EPSS Score
0.0
Published
2025-04-27
For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-04-27
In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway's CRL cache.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-02-06
Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available.
CVSS Score
8.0
EPSS Score
0.002
Published
2024-11-07