CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3711
https://notcve.org/view.php?id=CVE-2022-3711
A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA. Una vulnerabilidad de inyección SQL de solo lectura posterior a la autenticación permite a los usuarios leer contenidos de bases de datos de configuración no confidenciales en el Portal de usuario de versiones de Sophos Firewall anteriores a la versión 19.5 GA. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3713
https://notcve.org/view.php?id=CVE-2022-3713
A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. Una vulnerabilidad de inyección de código permite a atacantes adyacentes ejecutar código en el controlador Wifi de versiones de Sophos Firewall anteriores a la versión 19.5 GA. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 12%CPEs: 1EXPL: 0CVE-2022-3236 – Sophos Firewall Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-3236
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. Una vulnerabilidad de inyección de código en User Portal and Webadmin permite a un atacante remoto ejecutar código en Sophos Firewall versiones v19.0 MR1 y anteriores. A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2022-1807
https://notcve.org/view.php?id=CVE-2022-1807
Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1. Múltiples vulnerabilidades SQLi en Webadmin permiten una escalada de privilegios de administrador a superadministrador en Sophos Firewall versiones anteriores a versión 18.5 MR4 y versión 19.0 MR1 • https://www.sophos.com/en-us/security-advisories/sophos-sa-20220907-sfos-18-5-4 https://www.sophos.com/en-us/security-advisories/sophos-sa-20220907-sfos-19-0-1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25268
https://notcve.org/view.php?id=CVE-2021-25268
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA. Múltiples vulnerabilidades de tipo XSS en Webadmin permiten la escalada de privilegios de MySophos admin a SFOS admin en Sophos Firewall versiones anteriores a 19.0 GA • https://www.sophos.com/en-us/security-advisories/sophos-sa-20220505-sfos-19-0-0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •