Web Appliance
by Sophos
CVEs (9)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-6182 | Critical | 0.68 | 9.8 | 0.15 | | Mar 30, 2017 | In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. |
| CVE-2017-6412 | High | 0.56 | 8.1 | 0.01 | | Mar 30, 2017 | In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. |
| CVE-2016-9554 | High | 0.51 | 7.2 | 0.11 | | Jan 28, 2017 | The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur in MgrDiagnosticTools.php (/controllers/MgrDiagnosticTools.php), in the component responsible for performing diagnostic tests with the UNIX wget utility. The application doesn't properly escape the information passed in the 'url' variable before calling the executeCommand class function ($this->dtObj->executeCommand). This function calls exec() with unsanitized user input allowing for remote command injection. The page that contains the vulnerabilities, /controllers/MgrDiagnosticTools.php, is accessed by a built-in command answered by the administrative interface. The command that calls to that vulnerable page (passed in the 'section' parameter) is: 'configuration'. Exploitation of this vulnerability yields shell access to the remote machine under the 'spiderman' user account. |
| CVE-2017-6183 | High | 0.47 | 7.2 | 0.03 | | Mar 30, 2017 | In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314. |
| CVE-2017-9523 | Medium | 0.40 | 6.1 | 0.00 | | Jun 9, 2017 | The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342. |
| CVE-2017-6184 | Medium | 0.31 | 4.7 | 0.01 | | Mar 30, 2017 | In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303. |
| CVE-2014-2850 | | 0.09 | — | 0.76 | | Apr 11, 2014 | The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter. |
| CVE-2014-2849 | | 0.09 | — | 0.76 | | Apr 11, 2014 | The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request. |
| CVE-2013-4984 | | 0.04 | — | 0.08 | | Sep 10, 2013 | The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument. |