2 matches found
Command injection
In Sophos Web Appliance SWA before 4.3.1.2, a section of the machine's configuration utilities for adding and detecting Active Directory servers was vulnerable to remote command injection, aka NSWA-1314...
CVE-2017-6183
In Sophos Web Appliance (SWA) versions prior to 4.3.1.2, CVE-2017-6183 describes a remote command injection vulnerability in the configuration utilities used for adding/detecting Active Directory servers. The issue arises from improper sanitization of input when managing AD-related settings, enab...