Quantum Security Management
Monthly
Cross-domain RBAC bypass in Check Point Quantum Security Management allows an authenticated administrator with read-write access to one Management Domain (CMA) to modify Compliance Best Practices metadata stored in a separate Management Domain where they hold no permissions. The underlying root cause is SQL injection (CWE-89, corroborated by the 'SQLi' intelligence tag), suggesting the Compliance feature's metadata storage does not enforce domain-level query isolation. Affected releases span R81.10 and below, R81.20 up to Jumbo Hotfix Take 127, R82 up to Jumbo Hotfix Take 91, and R82.10 up to Jumbo Hotfix Take 19. No public exploit identified at time of analysis, and EPSS of 0.04% reflects low observed exploitation probability.
Cross-domain RBAC bypass in Check Point Quantum Security Management allows an authenticated administrator with read-write access to one Management Domain (CMA) to modify Compliance Best Practices metadata stored in a separate Management Domain where they hold no permissions. The underlying root cause is SQL injection (CWE-89, corroborated by the 'SQLi' intelligence tag), suggesting the Compliance feature's metadata storage does not enforce domain-level query isolation. Affected releases span R81.10 and below, R81.20 up to Jumbo Hotfix Take 127, R82 up to Jumbo Hotfix Take 91, and R82.10 up to Jumbo Hotfix Take 19. No public exploit identified at time of analysis, and EPSS of 0.04% reflects low observed exploitation probability.