Quantum Security Gateway
Approved changes feed: RSS · Atom
cpe:2.3:a:checkpoint:quantum_security_gateway:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Checkpoint (963cc759-0773-5380-992a-923d56af82ce) |
|---|---|
| Product | Quantum Security Gateway (8b1a1177-b90f-5f58-8431-462b4f124568) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-48135 |
vulnerable | 2026-06-03 15:26:23.863785 |
HTTP service can incorrectly process malformed HTTP requests
MEDIUM (5.3)
A Check Point HTTP-based service can incorrectly handle malformed HTTP requests.
The issue is related to HTTP request parsing and validation.
Published: 2026-05-26T12:57:19.074Z
Updated: 2026-05-27T18:36:10.600Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-48134 |
vulnerable | 2026-06-03 15:26:23.863635 |
SQL injection issue in UserCheck Portal when DLP Software Blade is active
MEDIUM (5.6)
When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to disruptions such as loss of stored incident entries, incorrect handling of pending approvals, or resource impact if the issue is abused repeatedly.
Exposure is reduced if the UserCheck Portal is not accessible from untrusted networks.
Published: 2026-05-26T12:57:07.767Z
Updated: 2026-06-02T14:15:31.285Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-48133 |
vulnerable | 2026-06-03 15:26:23.863392 |
Identity Awareness Captive Portal - Unauthenticated Local File Inclusion
HIGH (7.5)
When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway.
Published: 2026-05-26T12:56:56.250Z
Updated: 2026-06-02T14:14:24.478Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-48132 |
vulnerable | 2026-06-03 15:26:23.863121 |
VPN service may restart unexpectedly when processing IKE traffic over NAT-T 4500/UDP
HIGH (8.1)
The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service (temporary interruption of VPN negotiations/traffic).
Published: 2026-05-26T12:56:47.693Z
Updated: 2026-06-02T14:09:19.968Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-48131 |
vulnerable | 2026-06-03 15:26:23.862661 |
VPND IKE Fragment Reassembly - Heap Out-of-Bounds Write via Sequence Number Zero
HIGH (8.1)
The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service (temporary disruption of VPN-related functionality).
Published: 2026-05-26T12:56:08.817Z
Updated: 2026-05-26T15:18:43.287Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-24914 |
vulnerable | 2026-06-03 14:55:06.064885 |
Details available
HIGH (8)
Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available.
Published: 2024-11-07T11:25:53.238Z
Updated: 2024-11-07T17:33:31.286Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.