ReportizFlow
Filtered by vendor Securepoint
Subscriptions
Filtered by product Unified Threat Management
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39340 | 1 Securepoint | 1 Unified Threat Management | 2024-11-21 | 8.8 High |
| The authentication system of Securepoint UTM mishandles OTP keys. This allows the bypassing of second-factor verification (when OTP is enabled) in both the administration web interface and the user portal. Affected versions include UTM 11.5 through 12.6.4 and Reseller Preview 12.7.0. The issue has been fixed in UTM 12.6.5 and 12.7.1. | ||||
| CVE-2023-22897 | 1 Securepoint | 1 Unified Threat Management | 2024-11-21 | 6.5 Medium |
| An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used. | ||||
| CVE-2023-22620 | 1 Securepoint | 1 Unified Threat Management | 2024-11-21 | 7.5 High |
| An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface. | ||||
Page 1 of 1.