Sophos: >> Unified Threat Management >> 9.700 Security Vulnerabilities
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-03-22
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.
CVSS Score
3.3
EPSS Score
0.0
Published
2022-03-22
Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.
CVSS Score
4.8
EPSS Score
0.002
Published
2021-07-29
CVE-2020-25223
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2020-09-25