The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Multiple vulnerabilities in Web GUI of UTM-1 Edge, Safe@Office and ZoneAlarm appliances
| Solution ID |
sk65460 |
| Severity |
Medium |
| Product |
Edge, Safe@Office |
| Version |
8.x, 7.x |
| OS |
Linux |
| Platform / Model |
Edge |
| Date Created |
16-Oct-2011
|
| Last Modified |
20-Nov-2017
|
Symptoms
- Multiple vulnerabilities were detected in Web GUI on UTM-1 Edge, Safe@Office and ZoneAlarm appliances.
- Vulnerabilities are of the following nature: XSS, CSRF, information disclosure and offsite redirection.
- Vulnerable firmware versions are 6.x. 7.x, 8.x.
Solution
This problem was fixed. The fix is included in:
- Firmware 8.2.44 (and above)
Check Point recommends to always upgrade to the
most recent version.
Credit
Check Point thanks Richard Brain of ProCheckUp for responsible disclosure of this issue.
|
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
|
