565 matches found
Information disclosure
An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older...
CVE-2022-0331
An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older...
CVE-2022-0331
The CVE-2022-0331 entry describes an information-disclosure in Sophos Firewall Webadmin, allowing an unauthenticated remote attacker to read the device serial number on v18.5 MR2 and older. Affected component: Webadmin on Sophos Firewall. Root cause: information-disclosure in the Webadmin interfa...
Sophos Firewall Information Disclosure Vulnerability
Sophos Firewall is a firewall from Sophos UK. A security vulnerability exists in Sophos Firewall version v18.5 MR2 and earlier, which stems from an information disclosure vulnerability in Webadmin that could allow an unauthenticated, remote attacker to read device serial numbers...
PT-2022-13110 · Sophos · Sophos Firewall
Name of the Vulnerable Software and Affected Versions: Sophos Firewall versions prior to v18.5 MR3 Description: An information disclosure issue in Webadmin allows an unauthenticated remote attacker to read the device serial number. Recommendations: For Sophos Firewall versions prior to v18.5 MR3,...
Critical Sophos Security Bug Allows RCE on Firewalls
Cybersecurity stalwart Sophos has plugged a critical vulnerability in its firewall product, which could allow remote code-execution. The flaw, tracked as CVE-2022-1040, is specifically an authentication-bypass vulnerability in the User Portal and Webadmin of the Sophos Firewall. It affects versio...
CVE-2022-1040
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older...
CVE-2022-1040
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older...
Authentication flaw
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older...
CVE-2022-1040
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older...
VulnCheck KEV: CVE-2020-25223
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM...
CVE-2022-1040
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. Recent assessments: jbaines-r7 at April 15, 2022 7:28pm UTC reported: On March 25, 2022, Sophos published a critical security advisory fo...
PT-2022-2444
Name of the Vulnerable Software and Affected Versions: Sophos Firewall versions prior to v18.5 MR3 18.5.3 Sophos XG Firewall version 17.0.10 MR-10 Description: An authentication bypass issue exists in the User Portal and Webadmin components of Sophos Firewall, potentially allowing a remote attacker...
Vulnerability fixed in Sophos Firewall
Sophos has fixed a vulnerability in Sophos Firewall. The vulnerability allows a malicious party to bypass authentication in the User Portal and Webadmin interfaces. Subsequently, the malicious party executes code on the vulnerable system. Sophos has released updates to fi...
Sophos Firewall Authorization Issue Vulnerability
Sophos Firewall is a firewall from Sophos UK. An authorization issue vulnerability exists in the User Portal and Webadmin modules of Sophos Firewall version v18.5 MR3 and earlier versions, which stems from an authentication bypass vulnerability in the User Portal and Webadmin modules. An attacker...
Sophos SG UTM Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM...
VulnCheck KEV: CVE-2022-1040
An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution...
AtMail Cross-Site Scripting Vulnerability (CNVD-2021-93369)
AtMail is an open source WebMail client from Atmail Australia, which provides Webmail interface, address book management, calendar and other features, and supports IMAP, video mail, etc. A cross-site scripting vulnerability exists in the WebAdmin control panel of AtMail version 6.5.0. An attacker...
CVE-2021-43574
WebAdmin Control Panel in Atmail 6.5.0, a version released in 2012, allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2021-43574
WebAdmin Control Panel in Atmail 6.5.0, a version released in 2012, allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...