CVE-2016-7397 — Sensitive Information Exposure in Sophos Unified Threat Management Software

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

4.4MEDIUMNVD

EPSS

0.0%

top 92.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sophos Unified Threat Management Software

Timeline

PublishedOct 3

Latest updateMay 14

Description

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages1 packages

▶NVDsophos/unified_threat_management_software9.405-5

🔴Vulnerability Details

GHSA

GHSA-hjh6-cq5x-wfcq: The Frontend component in Sophos UTM with firmware 9↗2022-05-14

▶

CVEList

CVE-2016-7397: The Frontend component in Sophos UTM with firmware 9↗2016-10-03

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2016-06-20↗2016-06-20

▶