Description
When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Compliance Best Practices in another Management Domain for which the administrator has no access permissions, bypassing Role-Based Access Control (RBAC).
Problem types
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Product status
R82 with Jumbo Hotfix Take 91 or below
R81.20 with Jumbo Hotfix Take 127 or below
All releases from R81.10 and below
References
support.checkpoint.com/results/sk/sk184992