Lucene search

K
cve[email protected]CVE-2022-48309
HistoryMar 01, 2023 - 7:15 p.m.

CVE-2022-48309

2023-03-0119:15:25
CWE-352
web.nvd.nist.gov
29
cve-2022-48309
csrf vulnerability
sophos connect
security vulnerability
nvd

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.0%

A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90.

Affected configurations

NVD
Node
sophosconnectRange<2.2.90
CPENameOperatorVersion
sophos:connectsophos connectlt2.2.90

CNA Affected

[
  {
    "vendor": "Sophos",
    "product": "Sophos Connect Client",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "2.2.90",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.0%

Related for CVE-2022-48309