CVE-2024-39340
- EPSS 0.37%
- Veröffentlicht 12.07.2024 13:15:12
- Zuletzt bearbeitet 21.11.2024 09:27:30
The authentication system of Securepoint UTM mishandles OTP keys. This allows the bypassing of second-factor verification (when OTP is enabled) in both the administration web interface and the user portal. Affected versions include UTM 11.5 through 1...
CVE-2023-22897
- EPSS 88.76%
- Veröffentlicht 12.04.2023 23:15:07
- Zuletzt bearbeitet 10.02.2025 16:15:32
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approa...
CVE-2023-22620
- EPSS 87.8%
- Veröffentlicht 12.04.2023 23:15:06
- Zuletzt bearbeitet 10.02.2025 17:15:16
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get...