CVE-2018-8790 - AskarLabs CVE Database

CVE-2018-8790

Vendor Check Point Software Technologies Ltd.

Product ZoneAlarm

Weakness CWE-863 · Incorrect authorization

Published March 1, 2019

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM.

Key dates

02Disclosure timeline

March 1, 2019 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-8790

Related vulnerabilities

04Related CVE

CVE-2026-40155 Auth0 Next.js SDK has Improper Proxy Cache Lookup CVE-2025-30209 Tuleap has improper permission handling in the REST endpoints and release notes display of the FRS plugin CVE-2024-13291 Basic HTTP Authentication - Critical - Access bypass - SA-CONTRIB-2024-057 CVE-2021-24917 WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header CVE-2021-24872 Get Custom Field Values < 4.0 - Contributors+ Arbitrary Post Metadata Access