CVE Vulnerabilities

CVE-2007-3464

Published: Jun 27, 2007 | Modified: Oct 16, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
8.5 HIGH
AV:N/AC:M/Au:S/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other vectors.

Affected Software

Name Vendor Start Version End Version
Safe_at_office_500_utm Sofaware * embedded_ngx_7.0.39_ga

References