CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-3710

A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.3%

CVSS Severity

CVSS v3 Score 2.7

References

https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0
https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0

Products affected by CVE-2022-3710

Sophos » Xg Firewall » Version: N/A

cpe:2.3:h:sophos:xg_firewall:-
Sophos » Xg Firewall Firmware » Version: 17.0

cpe:2.3:o:sophos:xg_firewall_firmware:17.0
Sophos » Xg Firewall Firmware » Version: 17.5

cpe:2.3:o:sophos:xg_firewall_firmware:17.5
Sophos » Xg Firewall Firmware » Version: 18.0

cpe:2.3:o:sophos:xg_firewall_firmware:18.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-3710

Products

Pricing

Contact Us