A malicious website could execute code remotely in Sophos Connect Client before version 2.1.
CVSS: 8.8
AI Score: 8.7
EPSS: 0.003
A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90.
CVSS: 4.3
AI Score: 4.6
EPSS: 0.001
An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90.
CVSS: 5.5
AI Score: 5.2
EPSS: 0.0004
Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow JavaScript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.
CVSS: 6.1
AI Score: 6
EPSS: 0.001