Unified Threat Management Security Vulnerabilities and Issues — Unified Threat Management CVE List

Lucene search

SophosUnified Threat Management

6 matches found

CVE•added 2020/09/25 4:23 a.m.•969 views

CVE-2020-25223

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11

10CVSS9.6AI score0.94415EPSS

In wildWeb

CVE•added 2022/03/22 12:15 a.m.•102 views

CVE-2022-0652

Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.

7.8CVSS7.7AI score0.00046EPSS

CVE•added 2022/03/22 12:15 a.m.•87 views

CVE-2022-0386

A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.

8.8CVSS8.9AI score0.00342EPSS

CVE•added 2021/07/29 8:15 p.m.•66 views

CVE-2021-25273

Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.

4.8CVSS4.9AI score0.00135EPSS

CVE•added 2012/07/09 10:55 p.m.•36 views

CVE-2012-3238

Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.

4.3CVSS5.9AI score0.0054EPSS

CVE•added 2014/03/18 5:4 p.m.•33 views

CVE-2014-2537

Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

7.8CVSS6.7AI score0.01262EPSS