4 results (0.016 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710. Los archivos de registro de Confd contienen hashes de contraseñas SHA512crypt de usuarios locales, incluido el root, con permisos de acceso no seguros. Esto permite a un atacante local intentar ataques de fuerza bruta fuera de línea contra estos hashes de contraseñas en Sophos UTM versiones anteriores a 9.710 • https://www.sophos.com/en-us/security-advisories/sophos-sa-20220321-utm-9710 • CWE-532: Insertion of Sensitive Information into Log File CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. Una vulnerabilidad de inyección SQL posterior a la autenticación en Mail Manager permite potencialmente a un atacante autenticado ejecutar código en Sophos UTM versiones anteriores a 9.710 • https://www.sophos.com/en-us/security-advisories/sophos-sa-20220321-utm-9710 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. Una vulnerabilidad de tipo XSS almacenado puede ejecutarse como administrador en la visualización de detalles del correo electrónico en cuarentena en Sophos UTM versiones anteriores a 9.706 • http://seclists.org/fulldisclosure/2021/Dec/3 https://community.sophos.com/utm-firewall/b/blog/posts/utm-up2date-9-706-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 97%CPEs: 6EXPL: 2

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 Se presenta una vulnerabilidad de ejecución de código remota en WebAdmin de Sophos SG UTM versiones anteriores a v9.705 MR5, v9.607 MR7 y v9.511 MR11 A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM. • https://github.com/twentybel0w/CVE-2020-25223 http://packetstormsecurity.com/files/164697/Sophos-UTM-WebAdmin-SID-Command-Injection.html https://community.sophos.com/b/security-blog https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-in-sg-utm-webadmin-cve-2020-25223 https://cwe.mitre.org/data/definitions/78.html https://www.secpod.com/blog/remote-code-execution-in-sophos-utm https://www.sophos.com/en-us/security-advisories/sophos-sa-20200918-sg-webadmin-rce https:/&#x • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •