VYPR

SG UTM

by Sophos

CVEs (9)

  • CVE-2016-2046 · Med · Feb 17, 2016
    risk 0.40 · cvss 6.1 · epss 0.03

    Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

  • CVE-2016-7442 · Med · Oct 3, 2016
    risk 0.29 · cvss 4.4 · epss 0.01

    The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab.

  • CVE-2016-7397 · Med · Oct 3, 2016
    risk 0.29 · cvss 4.4 · epss 0.01

    The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.

  • CVE-2020-25223 · KEV · Sep 25, 2020
    risk 0.23 · cvss - · epss 0.97

    A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11.

  • CVE-2022-0652 · Mar 21, 2022
    risk 0.00 · cvss - · epss 0.00

    Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.

  • CVE-2022-0386 · Mar 21, 2022
    risk 0.00 · cvss - · epss 0.01

    A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.

  • CVE-2021-36807 · Nov 26, 2021
    risk 0.00 · cvss - · epss 0.01

    An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8.

  • CVE-2021-25273 · Jul 29, 2021
    risk 0.00 · cvss - · epss 0.01

    Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.

  • CVE-2013-5932 · Sep 23, 2013
    risk 0.00 · cvss - · epss 0.05

    Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors.