CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-3711

A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.2%

CVSS Severity

CVSS v3 Score 4.3

References

https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0
https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfos-19-5-0

Products affected by CVE-2022-3711

Sophos » Xg Firewall » Version: N/A

cpe:2.3:h:sophos:xg_firewall:-
Sophos » Xg Firewall Firmware » Version: 17.0

cpe:2.3:o:sophos:xg_firewall_firmware:17.0
Sophos » Xg Firewall Firmware » Version: 17.5

cpe:2.3:o:sophos:xg_firewall_firmware:17.5
Sophos » Xg Firewall Firmware » Version: 18.0

cpe:2.3:o:sophos:xg_firewall_firmware:18.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-3711

Products

Pricing

Contact Us