Sophos: >> Unified Threat Management Software >> 8.3 Security Vulnerabilities
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab.
CVSS Score
4.4
EPSS Score
0.0
Published
2016-10-03
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.
CVSS Score
4.4
EPSS Score
0.0
Published
2016-10-03
Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2016-02-17
Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
CVSS Score
7.8
EPSS Score
0.013
Published
2014-03-18
Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.
CVSS Score
4.3
EPSS Score
0.005
Published
2012-07-09