Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

23 matches found

RedhatCVE
RedhatCVEadded 2026/01/09 9:33 a.m.6 views

CVE-2024-39340

The authentication system of Securepoint UTM mishandles OTP keys. This allows the bypassing of second-factor verification when OTP is enabled in both the administration web interface and the user portal. Affected versions include UTM 11.5 through 12.6.4 and Reseller Preview 12.7.0. The issue has...

8.8CVSS7.2AI score0.0091EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 3:15 a.m.8 views

CVE-2023-22620

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface...

7.5CVSS6.6AI score0.03888EPSS
Exploits4References1
NVD
NVDadded 2024/07/12 1:15 p.m.11 views

CVE-2024-39340

The authentication system of Securepoint UTM mishandles OTP keys. This allows the bypassing of second-factor verification when OTP is enabled in both the administration web interface and the user portal. Affected versions include UTM 11.5 through 12.6.4 and Reseller Preview 12.7.0. The issue has...

8.8CVSS0.0091EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2024/07/12 12:0 a.m.13 views

CVE-2024-39340

The authentication system of Securepoint UTM mishandles OTP keys. This allows the bypassing of second-factor verification when OTP is enabled in both the administration web interface and the user portal. Affected versions include UTM 11.5 through 12.6.4 and Reseller Preview 12.7.0. The issue has...

8.9AI score0.0091EPSS
Exploits0References3
Cvelist
Cvelistadded 2024/07/12 12:0 a.m.17 views

CVE-2024-39340

The authentication system of Securepoint UTM mishandles OTP keys. This allows the bypassing of second-factor verification when OTP is enabled in both the administration web interface and the user portal. Affected versions include UTM 11.5 through 12.6.4 and Reseller Preview 12.7.0. The issue has...

0.0091EPSS
Exploits0References3
CVE
CVEadded 2024/07/12 12:0 a.m.44 views

CVE-2024-39340

CVE-2024-39340 affects Securepoint UTM and related products. The authenticated OTP mechanism mishandles OTP keys, allowing bypass of second-factor verification when OTP is enabled in both the administration web interface and the user portal. Affected versions include Securepoint UTM 11.5 through ...

8.8CVSS8.9AI score0.0091EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2024/06/21 12:0 a.m.5 views

PT-2024-5353 · Securepoint · Securepoint Utm

Name of the Vulnerable Software and Affected Versions: Securepoint UTM versions 11.5 through 12.6.4 Securepoint UTM Reseller Preview version 12.7.0 Description: The issue is related to the authentication system of Securepoint UTM, specifically with the handling of One-Time Password OTP keys. This...

10CVSS7.5AI score0.0091EPSS
Exploits0References10
VulnCheck KEV
VulnCheck KEVadded 2023/12/04 12:0 a.m.2 views

VulnCheck KEV: CVE-2023-22620

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface...

7.5CVSS7.1AI score0.03888EPSS
Exploits4References1
0day.today
0day.todayadded 2023/04/18 12:0 a.m.277 views

SecurePoint UTM 12.x Session ID Leak Vulnerability

ADVISORY INFORMATION ======================= Product: SecurePoint UTM Vendor URL: https://www.securepoint.de/en/for-companies/firewall-vpn Type: Exposure of Sensitive Information to an Unauthorized Actor CWE-200 Date found: 2023-01-05 Date published: 2023-04-11 CVSSv3 Score: 9.0...

7.5CVSS7.6AI score0.03888EPSS
Exploits4
0day.today
0day.todayadded 2023/04/18 12:0 a.m.285 views

SecurePoint UTM 12.x Memory Leak Vulnerability

ADVISORY INFORMATION ======================= Product: SecurePoint UTM Vendor URL: https://www.securepoint.de/en/for-companies/firewall-vpn Type: Use of Uninitialized Variable CWE-457 Date found: 2023-01-05 Date published: 2023-04-12 CVSSv3 Score: 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N...

6.5CVSS6.7AI score0.04074EPSS
Exploits4
Packet Storm
Packet Stormadded 2023/04/18 12:0 a.m.410 views

SecurePoint UTM 12.x Session ID Leak

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: SecurePoint UTM Vendor URL: https://www.securepoint.de/en/for-companies/firewall-vpn Type: Exposure of Sensitive Information to an Unauthorized Actor CWE-200 Date found: 2023-01-05 Date...

7.6AI score0.03888EPSS
Exploits4
Packet Storm
Packet Stormadded 2023/04/18 12:0 a.m.364 views

SecurePoint UTM 12.x Memory Leak

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: SecurePoint UTM Vendor URL: https://www.securepoint.de/en/for-companies/firewall-vpn Type: Use of Uninitialized Variable CWE-457 Date found: 2023-01-05 Date published: 2023-04-12 CVSSv3 Scor...

6.6AI score0.04074EPSS
Exploits4
OSV
OSVadded 2023/04/12 11:15 p.m.4 views

CVE-2023-22897

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not use...

6.5CVSS5.8AI score0.04074EPSS
Exploits4References4
NVD
NVDadded 2023/04/12 11:15 p.m.15 views

CVE-2023-22897

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not use...

6.5CVSS6.1AI score0.04074EPSS
Exploits4References4
NVD
NVDadded 2023/04/12 11:15 p.m.15 views

CVE-2023-22620

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface...

7.5CVSS7.5AI score0.03888EPSS
Exploits4References4
Prion
Prionadded 2023/04/12 11:15 p.m.16 views

Design/Logic Flaw

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface...

5.1CVSS7.5AI score0.03888EPSS
Exploits4References4Affected Software1
Prion
Prionadded 2023/04/12 11:15 p.m.18 views

Information disclosure

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not use...

4CVSS6.1AI score0.04074EPSS
Exploits4References4Affected Software1
Cvelist
Cvelistadded 2023/04/12 12:0 a.m.21 views

CVE-2023-22897

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not use...

6.3AI score0.04074EPSS
Exploits4References4
Vulnrichment
Vulnrichmentadded 2023/04/12 12:0 a.m.11 views

CVE-2023-22897

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not use...

6.1AI score0.04074EPSS
Exploits4References4
Cvelist
Cvelistadded 2023/04/12 12:0 a.m.18 views

CVE-2023-22620

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface...

7.7AI score0.03888EPSS
Exploits4References4
Rows per page
Query Builder