Product Security Incident Response Team Portal
The Nozomi Networks Product Security Incident Response Team (PSIRT) is responsible for investigating security concerns that may affect our products and services.
NN-2023:12-01 | 2024-01-16
Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0
NN-2023:9-01 | 2023-11-16
Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0
NN-2023:8-01 | 2023-11-16
Session Fixation in Guardian/CMC before 22.6.2
NN-2023:7-01 | 2023-11-16
DoS via SAML configuration in Guardian/CMC before 22.6.2
NN-2023:6-01 | 2023-11-16
Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2
NN-2023:5-01 | 2023-11-16
Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2
NN-2023:4-01 | 2023-11-16
Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2
NN-2023:3-01 | 2023-11-16
Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2
NN-2023:2-01 | 2023-11-16
Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2
NN-2023:11-01 | 2023-11-16
SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0
NN-2023:10-01 | 2023-11-16
DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0
NN-2023:1-01 | 2023-11-16
Authenticated SQL Injection on Alerts in Guardian/CMC before 22.5.2
NN-2022:2-02 | 2023-11-16
Authenticated RCE on project configuration import in Guardian/CMC before 22.0.0
NN-2022:2-01 | 2023-11-16
Authenticated RCE on logo report upload in Guardian/CMC before 22.0.0
NN-2021:2-01 | 2023-11-16
Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4
NN-2021:1-01 | 2023-11-16
Authenticated command injection when changing date settings or hostname in Guardian/CMC before 20.0.7.4
NN-2020:3-01 | 2023-11-16
Angular template injection on custom report name field
NN-2020:2-01 | 2023-11-16
Cross-site request forgery attack on change password form
NN-2020:1-01 | 2023-11-16
NGINX allows HTTP request smuggling
NN-2019:2-01 | 2023-11-16
CSV Injection on node label
NN-2019:1-01 | 2023-11-16
Stored XSS in field name data model
Read more about our incident response policy or contact PSIRT using our GPG key.