Sophos Connect
by Sophos
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-48310 | | | 0.00 | — | 0.00 | | Mar 1, 2023 | An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90. |
| CVE-2022-48309 | | | 0.00 | — | 0.00 | | Mar 1, 2023 | A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90. |
| CVE-2022-4901 | | | 0.00 | — | 0.00 | | Mar 1, 2023 | Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim. |
| CVE-2021-25265 | | | 0.00 | — | 0.02 | | Mar 22, 2021 | A malicious website could execute code remotely in Sophos Connect Client before version 2.1. |