CVE-2022-4901
https://notcve.org/view.php?id=CVE-2022-4901
Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20230301-scc-csrf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-48310
https://notcve.org/view.php?id=CVE-2022-48310
An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20230301-scc-csrf • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2022-48309
https://notcve.org/view.php?id=CVE-2022-48309
A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20230301-scc-csrf • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-25265
https://notcve.org/view.php?id=CVE-2021-25265
A malicious website could execute code remotely in Sophos Connect Client before version 2.1. Un sitio web malicioso podría ejecutar código remotamente en Sophos Connect Client versiones anteriores a 2.1 • https://community.sophos.com/b/security-blog https://community.sophos.com/b/security-blog/posts/resolved-rce-in-sophos-connect-client-for-windows-cve-2021-25265 •