Lucene search

[email protected]CVE-2022-48309

HistoryMar 01, 2023 - 7:15 p.m.

CVE-2022-48309

2023-03-0119:15:25

CWE-352

[email protected]

web.nvd.nist.gov

cve-2022-48309

csrf vulnerability

sophos connect

security vulnerability

nvd

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.3%

JSON

A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90.

Affected configurations

NVD

Node

sophosconnectRange<2.2.90

CPENameOperatorVersion
sophos:connectsophos connectlt2.2.90

CPE	Name	Operator	Version
sophos:connect	sophos connect	lt	2.2.90

CNA Affected

[
  {
    "vendor": "Sophos",
    "product": "Sophos Connect Client",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "2.2.90",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

www.sophos.com/en-us/security-advisories/sophos-sa-20230301-scc-csrf

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.3%

JSON

Related for CVE-2022-48309

cvelist1 nvd1 prion1