Lucene search

[email protected]CVE-2021-36806

HistoryNov 30, 2023 - 10:15 a.m.

CVE-2021-36806

2023-11-3010:15:07

CWE-79

[email protected]

web.nvd.nist.gov

cve

2021

36806

reflected xss

sophos email appliance

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

A reflected XSS vulnerability allows an open redirect when the victim clicks a malicious link to an error page on

Sophos Email Appliance

older than version 4.5.3.4.

Affected configurations

NVD

Node

sophosemail_applianceRange<4.5.3.4

CPENameOperatorVersion
sophos:email_appliancesophos email appliancelt4.5.3.4

CPE	Name	Operator	Version
sophos:email_appliance	sophos email appliance	lt	4.5.3.4

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Sophos Email Appliance",
    "vendor": "Sophos",
    "versions": [
      {
        "status": "affected",
        "version": "4.5.3.3"
      }
    ]
  }
]

References

community.sophos.com/email-appliance/b/blog/posts/sophos-email-appliance-version-4-5-3-4-released

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for CVE-2021-36806

prion1 cvelist1 nvd1