Product Security Incident Response Team Portal
The Nozomi Networks Product Security Incident Response Team (PSIRT) is responsible for investigating security concerns that may affect our products and services.
NN-2024:2-01 | 2024-09-11 | Last update: 2024-09-19
Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0
NN-2023:16-01 | 2024-05-15 | Last update: 2024-05-20
Path traversal via 'zip slip' in Arc before v1.6.0
NN-2023:15-01 | 2024-05-15 | Last update: 2024-09-19
Sensitive data exfiltration via unsafe permissions on Windows systems in Arc before v1.6.0
NN-2023:14-01 | 2024-05-15 | Last update: 2024-05-20
Unsafe temporary data privileges on Unix systems in Arc before v1.6.0
NN-2023:13-01 | 2024-05-15 | Last update: 2024-05-20
Missing authentication for local web interface in Arc before v1.6.0
NN-2024:1-01 | 2024-04-10 | Last update: 2024-09-19
DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1
NN-2023:17-01 | 2024-04-10 | Last update: 2024-09-19
Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1
NN-2023:12-01 | 2024-01-15 | Last update: 2024-09-19
Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0
NN-2023:9-01 | 2023-09-18 | Last update: 2024-09-19
Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0
NN-2023:11-01 | 2023-09-18 | Last update: 2024-09-19
SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0
NN-2023:10-01 | 2023-09-18 | Last update: 2024-09-19
DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0
NN-2023:8-01 | 2023-08-09 | Last update: 2024-09-19
Session Fixation in Guardian/CMC before 22.6.2
NN-2023:7-01 | 2023-08-09 | Last update: 2024-09-19
DoS via SAML configuration in Guardian/CMC before 22.6.2
NN-2023:6-01 | 2023-08-09 | Last update: 2024-09-19
Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2
NN-2023:5-01 | 2023-08-09 | Last update: 2024-05-20
Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2
NN-2023:4-01 | 2023-08-09 | Last update: 2024-09-19
Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2
NN-2023:3-01 | 2023-08-09 | Last update: 2024-09-19
Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2
NN-2023:2-01 | 2023-08-09 | Last update: 2024-09-19
Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2
NN-2023:1-01 | 2023-05-03 | Last update: 2024-05-20
Authenticated SQL Injection on Alerts in Guardian/CMC before 22.5.2
NN-2022:2-02 | 2022-02-14 | Last update: 2024-09-19
Authenticated RCE on project configuration import in Guardian/CMC before 22.0.0
NN-2022:2-01 | 2022-02-14 | Last update: 2024-09-19
Authenticated RCE on logo report upload in Guardian/CMC before 22.0.0
NN-2021:2-01 | 2021-02-04 | Last update: 2024-05-20
Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4
NN-2021:1-01 | 2021-02-04 | Last update: 2024-05-20
Authenticated command injection when changing date settings or hostname in Guardian/CMC before 20.0.7.4
NN-2020:3-01 | 2020-05-26 | Last update: 2024-05-20
Angular template injection on custom report name field
NN-2020:2-01 | 2020-05-26 | Last update: 2024-05-20
Cross-site request forgery attack on change password form
NN-2020:1-01 | 2020-02-25 | Last update: 2024-05-20
NGINX allows HTTP request smuggling
NN-2019:2-01 | 2019-11-11 | Last update: 2024-05-20
CSV Injection on node label
NN-2019:1-01 | 2019-11-11 | Last update: 2024-05-20
Stored XSS in field name data model
Read more about our incident response policy or contact PSIRT using our GPG key.