CVE-2007-3464

Name of the Vulnerable Software and Affected Versions Check Point SofaWare Safe@Office versions prior to Embedded NGX 7.0.45 GA

Description The issue allows attackers to gain privileges without requiring the old password when changing the admin password. This could be exploited through vectors such as CSRF attacks or making a password change on an unattended workstation.

Recommendations For versions prior to Embedded NGX 7.0.45 GA, update to Embedded NGX 7.0.45 GA or later to resolve the issue. As a temporary workaround, consider restricting access to the password change functionality to minimize the risk of exploitation.