CVE-2022-0386 — SQL Injection in Sophos UTM

CWE-89 — SQL Injection5 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 57.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sophos UTM Sophos Unified Threat Management

Timeline

PublishedMar 22

Latest updateMay 5

Description

A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5sophos/sophos_utmunspecified — 9.710

▶NVDsophos/unified_threat_management< 9.710

🔴Vulnerability Details

OSV

linux-intel-iotg vulnerabilities↗2023-05-05

▶

OSV

linux-hwe-5.15 vulnerabilities↗2023-04-25

▶

GHSA

GHSA-fcjj-3vvm-98fr: A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version↗2022-03-23

▶

CVEList

CVE-2022-0386: A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version↗2022-03-21

▶