2023

• Maxim Catanoi of LogicalPoint for discovering insecure print of corporate password in Capsule Workspace Android application's log 

2022

• Sainikhil Turewale for discovering multiple cloud misconfigurations.
• Ashutosh Barot for discovering CVE-2022-23746 :  VPN SNX portal may be vulnerable to brute-force attack on passwords 
• Bahaa Naamneh for discovering a Possible privilege escalation in Check Point Endpoint Security.
• Yehia M. Elghaly for discovering a method to avoid phishing detection.
• Gabe Flawedworld for discovering  CVE-2022-23745 in Check Point Capsule Workspace (Fixed in Capsule workspace v8.2.2).
• Erwin Chan for discovering CVE-2022-23744 in Check Point Harmony Endpoint (fixed in  Enterprise Endpoint Security E86.50 Windows Clients)
• Filip Dragovic for discovering CVE-2022-23743 in Check Point ZoneAlarm (fixed in  ZoneAlarm 15.8.200.19118).
• Alain Rödel of cirosec GmbH for discovering CVE-2022-23742 in Check Point Endpoint Security Client for Windows (fixed in Enterprise Endpoint Security E86.40 Windows Clients).

2021

• Christophe Schleypen of NATO Cyber Security Centre Pentesting for discovering CVE-2021-30361 in Check Point Gaia Portal (see sk179128 for list of Jumbo HFAs with the fix).
• Ronnie Salomonsen of Mandiant for discovering CVE-2021-30360 in Check Point Remote Access Client (fixed in Check Point Remote Access Client E86.20)
• Ronnie Salomonsen of Mandiant for discovering CVE-2021-30359 in Check Point Harmony Browse and SandBlast Agent for Browsers installers (fixed in Check Point Harmony Browse and SandBlast Agent for Browsers version 90.08.7405)
• Raeez Abdulla of CodeGreen Systems for discovering CVE-2021-30358 in Check Point Mobile Access Portal Agent (fixed in Mobile Access Portal Agent build 800007042)
• João Varelas for discovering CVE-2021-30357 in Check Point SSL Network Extender Client for Linux (fixed in SSL Network Extender Client for Linux build 800008302).
• Mr. Tobias Neitzel of usd AG for discovering CVE-2021-30356 in Check Point Identity Awareness Agent (fixed in Identity Awareness Agent R81.018.0000).
• Rotem Reiss for finding an information disclosure in Check Point docker hub image

2020

• Ubais PK for discovering CVE-2020-6024 regarding a possible local privilege escalation in Check Point SmartConsole (fixed in R81 SmartConsole Build 548, R80.40 SmartConsole Build 415, R80.30 SmartConsole Build 94, R80.20 SmartConsole Build 119, R80.10 SmartConsole Build 185).
• Brenden Meeder of CyberArk Red Team for discovering CVE-2020-6021 in Check Point Endpoint Security Client for Windows (fixed in Enterprise Endpoint Security E84.20 Windows Clients).
• Mads Joensen of Danish Cyber Defence for discovering CVE-2020-6022 and CVE-2020-6023 in Check Point ZoneAlarm Anti-Ransomware (fixed in ZoneAlarm Extreme Security 15.8.139.18543).
• Ido Hoorvich, Chen Erlich, and Nuttakorn Tungpoonsup+Ammarit Thongthua+Sittikorn Sangrattanapitak for (independently) discovering CVE-2020-6015 in Check Point Endpoint Security Client for Windows (fixed in Enterprise Endpoint Security E84.10 Windows Clients).
• Chris Au for discovering CVE-2020-6014 in Check Point Endpoint Security Client for Windows (fixed in Enterprise Endpoint Security E83.20 Windows Clients)
• Deniz Cevik of Cyberwise for discovering a couple of issues in the NGM app on the R80.40 Security Management, which is accessible only to configured administrators (fixed in Jumbo HotFix R80.40 Take 83).
• Eran Shimony for discovering an issue in the installation of Caspule Docs for Windows (fixed in version E83.20)
• Mads Joensen of Danish Cyber Defence for discovering CVE-2020-6012 in Check Point ZoneAlarm Anti-Ransomware (fixed in ZoneAlarm Anti-Ransomware 1.0.713 and in ZoneAlarm Extreme Security 15.8.125.18466)
• Glenn Lloyd working with Trend Micro's Zero Day Initiative for discovering CVE-2020-6013 in Check Point ZoneAlarm Firewall and Antivirus (fixed in ZoneAlarm Extreme Security 15.8.109.18436)
• Nikita Abramov and Mikhail Klyuchnikov of Positive Technologies for discovering CVE-2020-6020 in the ICA Management Portal (fixed in Jumbo HotFixes: in R80.10 JHF Take 278 and above, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38).

2019

• Eran Shimony for discovering CVE-2019-8463 in the installation of the Check Point Endpoint Security Client for Windows (fixed in Enterprise Endpoint Security E82.10 Windows Clients)
• Peleg Hadar of SafeBreach Labs for discovering CVE-2019-8461 in the Initial Client of Check Point Endpoint Security for Windows (fixed in Enterprise Endpoint Security E81.30 Windows Clients)
• Peleg Hadar of SafeBreach Labs for responsibly disclosing a local privilege escalation issue in ZoneAlarm, that was fixed in version 15.6.121.18102 (see: ZoneAlarm Extreme Security - Release History)
• George Karagiannidis of TwelveSec for discovering CVE-2019-8459 in the VPN blade of the Endpoint Client for Windows (fixed in Enterprise Endpoint Security E80.83 Windows Clients)
• Edsel Valle of NSS Labs for discovering CVE-2019-8458 in the Anti-Malware blade of the Endpoint Client for Windows (fixed in Enterprise Endpoint Security E81.00 Windows Clients)
• Jakub Palaczynski for finding issues in ZoneAlarm and the Endpoint Client for Windows: CVE-2019-8452, CVE-2019-8453, CVE-2019-8454, CVE-2019-8455 (fixed in ZoneAlarm and Enterprise Endpoint Security E80.96 Windows Clients)

2018

• Chris Anastasio of Illumant for his finding that ZoneAlarm's SBACipollaSrvHost exposes a WCF service to low privilege users which can be leveraged to execute arbitrary code as SYSTEM (ZoneAlarm® Free Firewall & ZoneAlarm® Free Antivirus + Firewall): CVE-2018-8790
• Boris PARAT of Manhattan SA for improving the protection CPAI-2016-0003 to cover more cases.
• Okan COŞKUN for issues in the UDM Portal's web server (sk137552)

 

2017

• Bogner Florian for a local privilege escalation attack in ZoneAlarm's Anti-Virus (fixed in version 15.1.501.17249)