2 matches found
CVE-2024-12729
CVE-2024-12729 is a post-auth code injection vulnerability in the Sophos Firewall User Portal, affecting versions prior to 21.0 MR1 (21.0.1). The issue allows authenticated users to remotely execute code on the device. Public documentation highlights remediation by upgrading to 21.0 MR1 or newer ...
PT-2024-9754
Name of the Vulnerable Software and Affected Versions Sophos Firewall versions prior to 21.0 MR1 21.0.1 Description A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall allows access to the reporting database and can lead to remote code execution if a specific...