Web Appliance
by Sophos
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-20011 | Cri | 0.73 | — | 0.01 | Aug 30, 2025 | ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 are vulnerable to remote command execution due to insecure handling of file uploads via the mimencode CGI utility. The vulnerability allows unauthenticated attackers to upload and execute… | ||
| CVE-2017-6182 | Cri | 0.68 | 9.8 | 0.17 | Mar 30, 2017 | In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. | ||
| CVE-2017-6412 | Hig | 0.56 | 8.1 | 0.08 | Mar 30, 2017 | In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. | ||
| CVE-2016-9554 | Hig | 0.52 | 7.2 | 0.24 | Jan 28, 2017 | The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur in MgrDiagnosticTools.php (/controllers/MgrDiagnosticTools.php), in the… | ||
| CVE-2016-9553 | Hig | 0.51 | 7.2 | 0.19 | Jan 28, 2017 | The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP… | ||
| CVE-2017-6183 | Hig | 0.47 | 7.2 | 0.03 | Mar 30, 2017 | In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314. | ||
| CVE-2017-9523 | Med | 0.40 | 6.1 | 0.01 | Jun 9, 2017 | The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342. | ||
| CVE-2017-6184 | Med | 0.31 | 4.7 | 0.03 | Mar 30, 2017 | In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303. | ||
| CVE-2023-1671 | 0.23 | — | 1.00 | KEV | Apr 4, 2023 | A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. | ||
| CVE-2013-4983 | 0.10 | — | 0.90 | Sep 10, 2013 | The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php. | |||
| CVE-2013-2641 | 0.09 | — | 0.71 | Mar 18, 2014 | Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter. | |||
| CVE-2014-2850 | 0.08 | — | 0.58 | Apr 11, 2014 | The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter. | |||
| CVE-2014-2849 | 0.08 | — | 0.61 | Apr 11, 2014 | The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request. | |||
| CVE-2013-2642 | 0.04 | — | 0.07 | Mar 18, 2014 | Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute… | |||
| CVE-2013-4984 | 0.04 | — | 0.08 | Sep 10, 2013 | The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument. | |||
| CVE-2013-2643 | 0.03 | — | 0.05 | Mar 18, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to… | |||
| CVE-2023-33336 | 0.00 | — | 0.01 | Jun 30, 2023 | Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes. | |||
| CVE-2022-4934 | 0.00 | — | 0.02 | Apr 4, 2023 | A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code. | |||
| CVE-2020-36692 | 0.00 | — | 0.01 | Apr 4, 2023 | A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA. |
- risk 0.73cvss —epss 0.01
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 are vulnerable to remote command execution due to insecure handling of file uploads via the mimencode CGI utility. The vulnerability allows unauthenticated attackers to upload and execute…
- risk 0.68cvss 9.8epss 0.17
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.
- risk 0.56cvss 8.1epss 0.08
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
- risk 0.52cvss 7.2epss 0.24
The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur in MgrDiagnosticTools.php (/controllers/MgrDiagnosticTools.php), in the…
- risk 0.51cvss 7.2epss 0.19
The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP…
- risk 0.47cvss 7.2epss 0.03
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314.
- risk 0.40cvss 6.1epss 0.01
The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342.
- risk 0.31cvss 4.7epss 0.03
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.
- risk 0.23cvss —epss 1.00
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
- CVE-2013-4983Sep 10, 2013risk 0.10cvss —epss 0.90
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
- CVE-2013-2641Mar 18, 2014risk 0.09cvss —epss 0.71
Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.
- CVE-2014-2850Apr 11, 2014risk 0.08cvss —epss 0.58
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
- CVE-2014-2849Apr 11, 2014risk 0.08cvss —epss 0.61
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
- CVE-2013-2642Mar 18, 2014risk 0.04cvss —epss 0.07
Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute…
- CVE-2013-4984Sep 10, 2013risk 0.04cvss —epss 0.08
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
- CVE-2013-2643Mar 18, 2014risk 0.03cvss —epss 0.05
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to…
- CVE-2023-33336Jun 30, 2023risk 0.00cvss —epss 0.01
Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes.
- CVE-2022-4934Apr 4, 2023risk 0.00cvss —epss 0.02
A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.
- CVE-2020-36692Apr 4, 2023risk 0.00cvss —epss 0.01
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA.