Shodan
Vulnerabilities
Vulnerable Software
Sophos:  Security Vulnerabilities
CVE-2022-48310
An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-03-01
CVE-2022-4901
Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.
CVSS Score
3.3
EPSS Score
0.001
Published
2023-03-01
CVE-2022-3226
An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA.
CVSS Score
7.2
EPSS Score
0.002
Published
2022-12-01
CVE-2022-3696
A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA.
CVSS Score
7.2
EPSS Score
0.002
Published
2022-12-01
CVE-2022-3709
A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA.
CVSS Score
6.8
EPSS Score
0.001
Published
2022-12-01
CVE-2022-3710
A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA.
CVSS Score
2.7
EPSS Score
0.002
Published
2022-12-01
CVE-2022-3711
A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA.
CVSS Score
4.3
EPSS Score
0.003
Published
2022-12-01
CVE-2022-3713
A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-12-01
CVE-2022-3980
An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.
CVSS Score
9.8
EPSS Score
0.88
Published
2022-11-16
CVE-2022-3236
Known exploited
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.
CVSS Score
9.8
EPSS Score
0.927
Published
2022-09-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved