Endpoint Security Server Information disclosure vulnerability
  • Endpoint Security Server and Integrity Server allow a remote, unauthenticated user to download private SSL keys.
  • The following versions of Endpoint Security Server are not vulnerable: R73 HFA02, E80.
  • Vulnerable versions:
    • Endpoint Security Server: R71, R72 and R73
    • Integrity Server: 7.x

To protect the Endpoint Security Server/Integrity Servers (this should include all Java servers: Primary, Secondary EPS and all Connection Points) from this vulnerability, customers are advised to install the following HotFix:

Installation instructions

1. Open the archive file.
2. Follow the instructions in the Readme.txt file.


Check Point thanks HD Moore of Rapid7 for bringing this issue to our attention in a forthright and professional manner.
