CVE Details
Basic Information
| Title | Lack of TLS validation |
|---|---|
| Type | cve |
| Published | 2025-08-06T14:44:31.807Z |
| Modified | 2025-08-06T15:05:22.411Z |
Product Information
| Vendor | checkpoint |
|---|---|
| Product | Check Point Management Log Server |
| Version | versions R81.10, R81.20, R82 |
CVSS Information
| Base Score | 6.5 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L |
AI Analysis
| AI Description | A vulnerability in Check Point Management Log Server where the system fails to validate TLS certificates when downloading a CSV file used for IP-to-country mapping in logs. This could allow man-in-the-middle attacks to modify the data. The vulnerability is rated Medium severity with a CVSS score of 6.5. |
|---|---|
| AI Severity | Medium |
| AI Vendor | Check Point |
| AI Product | Check Point Management Log Server |
| AI Version | R81.10, R81.20, R82 |
Affected Products
- checkpoint Check Point Management Log Server versions R81.10, R81.20, R82
Additional Information
| CWE List | CWE-295 |
|---|---|
| Source | checkpoint |
Description
Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs