CVE-2025-3831
Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties.
CVE-2025-2028
Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs
CVE-2024-52885
The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible…
CVE-2024-24915
Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them.
CVE-2024-24916
Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin).
CVE-2024-52888
For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties.
CVE-2024-52887
Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list.
CVE-2024-24911
In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not pr…