CVE-2016-7397
Published 2016-10-03
Priority: P415 · Severity: medium · CVSS 3.0 base score: 4.4
CVSS 3.0 vector: AV:L / AC:L / PR:H / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.54% (41.2th percentile)
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | async_http_client_plugin | — | — |
| jenkins | build_failure_analyzer_plugin | — | — |
| jenkins | image_gallery_plugin | — | — |
| jenkins | tap_plugin | — | — |
| jenkins | users_of_build_failure_analyzer_plugin | — | — |
| jenkins | users_of_image_gallery_plugin | — | — |
| jenkins | users_of_tap_plugin | — | — |
| sophos | unified_threat_management_software | <= 9.405-5 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.0 | 4.4 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| NVD | 2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
GHSA
GHSA-hjh6-cq5x-wfcq: The Frontend component in Sophos UTM with firmware 9
ghsa_unreviewed · 2022-05-14 · CVE-2016-7397 · MEDIUM · CWE-200
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.
Jenkins
Jenkins Security Advisory 2016-06-20
vendor_jenkins · 2016-06-20 · CVSS 4.3 · CVE-2013-7397 · MEDIUM
This advisory announces vulnerabilities in these Jenkins plugins:
- Async Http Client Plugin
- Build Failure Analyzer
- Image Gallery Plugin
- TAP Plugin
Description
Path traversal vulnerability in TAP Plugin
SECURITY-85 / CVE-2016-4986
The plugin did not correctly filter a parameter and allowed reading arbitrary files on the file system.
Path traversal vulnerability in Image Gallery Plugin
SECURITY-278 / CVE-2016-4987
The plugin did not correctly validate form fields and allowed listing arbitrary directories and reading arbitrary files on the file system.
Cross-site scripting vulnerability in Build Failure Analyzer Plugin
SECURITY-290 / CVE-2016-49
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.