Sophos UTM vulnerabilities
3 known vulnerabilities affecting sophos/sophos_utm.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2022-0652 [HIGH] CVSS 7.8 | CWE-532 | ≥ unspecified, < 9.710 | 2022-03-22
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.
cvelistv5, nvd
CVE-2022-0386 [HIGH] CVSS 8.8 | CWE-89 | ≥ unspecified, < 9.710 | 2022-03-22
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.
cvelistv5, nvd
CVE-2021-25273 [MEDIUM] CVSS 4.8 | CWE-79 | ≥ unspecified, ≤ 9.705 | 2021-07-29
Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.
cvelistv5, nvd