Lucene search

SophosCVELIST:CVE-2022-48309

HistoryMar 01, 2023 - 12:00 a.m.

CVE-2022-48309

2023-03-0100:00:00

Sophos

www.cve.org

csrf

vulnerability

sophos connect

logs

technical support archives

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90.

CNA Affected

[
  {
    "vendor": "Sophos",
    "product": "Sophos Connect Client",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "2.2.90",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

www.sophos.com/en-us/security-advisories/sophos-sa-20230301-scc-csrf

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

Related for CVELIST:CVE-2022-48309