Impact
An authenticated administrator with read‑write privileges in one Management Domain can edit compliance metadata that belongs to a different domain where the administrator has no access permissions, bypassing RBAC. This flaw enables the attacker to alter records used for compliance verification. Based on the description, it is inferred that these unauthorized changes might impact audit reports.
Affected Systems
Checkpoint Quantum Security Management is affected when Compliance is enabled in a Multi‑Domain Management environment. The vulnerability applies to all deployments that allow cross‑domain administrators to update compliance best practice metadata, but no specific software version is listed.
Risk and Exploitability
The CVSS score of 4.1 indicates moderate severity. The EPSS score of 4% indicates a low but non‑negligible likelihood of exploitation, while the vulnerability remains not listed in the CISA KEV catalog, suggesting no known widespread attacks. Based on the description, it is inferred that the attack requires legitimate administrator credentials with write access in at least one domain; such accounts are typically privileged and limited in number. Based on the description, it is inferred that if an attacker obtains such credentials, they can change compliance data in other domains. Based on the description, it is inferred that the overall likelihood depends on the organization’s domain segregation and the number of cross‑domain users.
OpenCVE Enrichment