
CVE-2022-4934
https://notcve.org/view.php?id=CVE-2022-4934
04 Apr 2023 — A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2020-36692
https://notcve.org/view.php?id=CVE-2020-36692
04 Apr 2023 — A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-48309
https://notcve.org/view.php?id=CVE-2022-48309
01 Mar 2023 — A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20230301-scc-csrf • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2022-4901
https://notcve.org/view.php?id=CVE-2022-4901
01 Mar 2023 — Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow JavaScript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20230301-scc-csrf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-48310
https://notcve.org/view.php?id=CVE-2022-48310
01 Mar 2023 — An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20230301-scc-csrf • CWE-312: Cleartext Storage of Sensitive Information •

CVE-2022-3696
https://notcve.org/view.php?id=CVE-2022-3696
01 Dec 2022 — A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2022-3710
https://notcve.org/view.php?id=CVE-2022-3710
01 Dec 2022 — A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2022-3226
https://notcve.org/view.php?id=CVE-2022-3226
01 Dec 2022 — An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2022-3713
https://notcve.org/view.php?id=CVE-2022-3713
01 Dec 2022 — A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2022-3711
https://notcve.org/view.php?id=CVE-2022-3711
01 Dec 2022 — A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •