Unrated severityNVD Advisory· Published Dec 19, 2024· Updated Dec 21, 2024
CVE-2024-12727
CVE-2024-12727
Description
A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<21.0.1+ 1 more
- (no CPE)range: <21.0.1
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.