Appgate SDP Security Advisories
If you believe you have identified a security concern with Appgate SDP please contact appgate-security@appgate.com
| Title | ID | Severity | Products Affected | First Published | Last Published |
|---|---|---|---|---|---|
| Cumulative Security Fixes for Privilege Escalations on Appgate SDP ClientsPDF | 2023-02-0001 | High (CVSS 7.8) | Appgate SDP Clients for Windows and macOS versions prior to 6.1.2 | 2023-02-01 | 2023-02-01 |
| Sensitive File Disclosure on ControllersPDF | 2022-12-0001 | Medium (CVSS 5.7) | Appgate SDP Controllers versions prior 6.0.4 | 2022-12-06 | 2022-12-06 |
| Insufficient Logging on Controllers and GatewaysPDF | 2022-11-0001 | Medium (CVSS 4.3) | Appgate SDP Controllers and Gateways versions prior 6.0.3 | 2022-11-03 | 2022-12-05 |
| Privilege Escalation on Appgate SDP Scripting EnginePDF | 2022-08-0001 | Medium (CVSS 6.4) | Appgate SDP Controller and Gateway versions prior to 5.5.8 and 6.0.1 | 2022-08-25 | 2022-08-25 |
| Multi-Condition Bypass due to Firewall Rule OverridePDF | 2022-08-0002 | Medium (CVSS 4.5) | Appgate SDP Gateway versions prior to 5.5.8 and 6.0.1 | 2022-08-25 | 2022-08-25 |
| Host Header Poisoning in Management InterfacePDF | 2022-08-0003 | Medium (CVSS 4.3) | Appgate SDP Controllers versions prior to 5.5.8 and 6.0.1 | 2022-08-25 | 2022-08-25 |
| Privilege Escalation on Appgate SDP Client for WindowsPDF | 2022-07-0002 | High (CVSS 7.8) | Appgate SDP Full Clients for Windows versions prior to 6.0.1 | 2022-07-29 | 2022-07-29 |
| Reflected Cross Site Scripting with PortalPDF | 2022-07-0001 | High (CVSS 7.4) | Appgate SDP Portal versions prior to 5.5.7, and 6.0. | 2022-07-06 | 2022-07-06 |
| Controller impersonation using a compromised appliancePDF | 2022-06-0001 | Medium (CVSS 5.3) | Any appliance with appliance certificates generated by SDP Controllers from versions 5.4 to version 5.5.6. | 2022-06-21 | 2022-06-21 |
| Log4j 2 VulnerabilityPDF | 2021-12-0001 | Minor | Appgate SDP LogServer versions up to and including 5.5.1 | 2021-12-13 | 2022-01-05 |
| Scripting Engine Sandbox BypassPDF | 2021-11-0001 | Medium (CVSS 6.6) | Appgate SDP Controller and Gateway versions prior to 5.5.1 | 2021-12-07 | 2021-12-07 |
| Privilege Escalation on Appgate SDP Clients for LinuxPDF | 2021-06-0001 | High (CVSS 7.5) | Appgate SDP Client for Linux versions prior to 5.4.2 | 2021-06-14 | 2021-06-14 |
Security Advisories relating to older unsupported versions
| Name | Link |
|---|---|
| Information Disclosure on Management Interface | |
| Shell access and information disclosure | |
| CPU vulnerability: Meltdown and Spectre | |
| SAML Authentication Bypass | |
| Information Disclosure on Management Interface | |
| TCP Stack vulnerability: SegmentSmack | |
| Privilege Escalation on Windows Client | |
| Controller Impersonation during Appliance Communication | |
| Remote Privilege Escalation on Windows Client | |
| Scripting Engine Sandbox Bypass | |
| Remote code execution on management interface PDF | |
| Privilege Escalation on Appgate SDP Client for Windows | |
| Default Time-Based OTP Provider Bypass | |
| Cumulative Security Fixes and Improvements for Appgate SDP Clients | |
| Security Fix and Cumulative Improvements for Appgate SDP Clients for Windows | |
| Information Disclosure from Appgate SDP Controllers |
Appgate Security Advisories and other Appgate security content are provided on an "as is" basis and do not imply any kind of guarantee or warranty. Your use of the information in these publications or linked material is at your own risk. Appgate reserves the right to change or update this content without notice at any time.