CVSS: 3.9EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25266
https://notcve.org/view.php?id=CVE-2021-25266
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495. Una vulnerabilidad de almacenamiento de datos no seguro permite a un atacante físico con privilegios de root recuperar claves secretas TOTP de teléfonos desbloqueados en Sophos Authenticator para Android versiones 3.4 y anteriores, e Intercept X for Mobile (Android) versiones anteriores a 9.7.3495 • https://www.sophos.com/en-us/security-advisories/sophos-sa-20220427-ixm-storage • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-25264
https://notcve.org/view.php?id=CVE-2021-25264
In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges. En múltiples versiones de los productos Sophos Endpoint para MacOS, un atacante local podría ejecutar código arbitrario con privilegios de administrador • https://community.sophos.com/b/security-blog https://community.sophos.com/b/security-blog/posts/resolved-lpe-in-endpoint-for-macos-cve-2021-25264 •