Sophos: >> Web Appliance Firmware >> 3.2.5 Security Vulnerabilities
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
CVSS Score
8.5
EPSS Score
0.619
Published
2014-04-11
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
CVSS Score
8.5
EPSS Score
0.744
Published
2014-04-11
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
CVSS Score
10.0
EPSS Score
0.929
Published
2013-09-10