Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Check Point Mobile Access

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2024-52885
Assigner-Check Point Software Ltd.
ShareView Details
Assigner-Check Point Software Ltd.
CVSS Score-5||MEDIUM
EPSS-0.09% / 26.80%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 14:45
Updated-27 Aug, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path Traversal

The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway.

Action-Not Available
Vendor-Check Point Software Technologies Ltd.
Product-gaia_osremote_access_vpnmobile_accessCheck Point Mobile Access
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-35
Path Traversal: '.../...//'
CVE-2024-52888
Assigner-Check Point Software Ltd.
ShareView Details
Assigner-Check Point Software Ltd.
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.01%
||
7 Day CHG+0.01%
Published-27 Apr, 2025 | 07:46
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored-XSS

For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties.

Action-Not Available
Vendor-Check Point Software Technologies Ltd.
Product-Check Point Mobile Access
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-52887
Assigner-Check Point Software Ltd.
ShareView Details
Assigner-Check Point Software Ltd.
CVSS Score-3.5||LOW
EPSS-0.06% / 17.11%
||
7 Day CHG+0.01%
Published-27 Apr, 2025 | 07:46
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Self-XSS

Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list.

Action-Not Available
Vendor-Check Point Software Technologies Ltd.
Product-Check Point Mobile Access
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')