SG UTM
by Sophos
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-2046 | Sophos / SG UTM | Med | 0.40 | 6.1 | 0.03 | — | Feb 17, 2016 | Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. |
| CVE-2016-7442 | Sophos / SG UTM | Med | 0.29 | 4.4 | 0.01 | — | Oct 3, 2016 | The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in the "system settings / scan settings / anti spam" configuration tab. |
| CVE-2016-7397 | Sophos / SG UTM | Med | 0.29 | 4.4 | 0.01 | — | Oct 3, 2016 | The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab. |
| CVE-2020-25223 | Sophos / SG UTM | — | 0.23 | — | 0.97 | KEV | Sep 25, 2020 | A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11. |
| CVE-2022-0652 | Sophos / SG UTM | — | 0.00 | — | 0.00 | — | Mar 21, 2022 | Confd log files contain local users', including root's, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710. |
| CVE-2022-0386 | Sophos / SG UTM | — | 0.00 | — | 0.01 | — | Mar 21, 2022 | A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. |
| CVE-2021-36807 | Sophos / SG UTM | — | 0.00 | — | 0.01 | — | Nov 26, 2021 | An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. |
| CVE-2021-25273 | Sophos / SG UTM | — | 0.00 | — | 0.01 | — | Jul 29, 2021 | Stored XSS can execute as administrator in the quarantined email detail view in Sophos UTM before version 9.706. |
| CVE-2013-5932 | Sophos / SG UTM | — | 0.00 | — | 0.05 | — | Sep 23, 2013 | Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors. |