VYPR

Sophos Connect

by Sophos

CVEs (4)

  • CVE-2022-48310Mar 1, 2023
    risk 0.00cvss epss 0.00

    An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90.

  • CVE-2022-48309Mar 1, 2023
    risk 0.00cvss epss 0.00

    A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90.

  • CVE-2022-4901Mar 1, 2023
    risk 0.00cvss epss 0.00

    Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.

  • CVE-2021-25265Mar 22, 2021
    risk 0.00cvss epss 0.02

    A malicious website could execute code remotely in Sophos Connect Client before version 2.1.