Sophos Web Appliance vulnerabilities
3 known vulnerabilities affecting sophos/sophos_web_appliance.
Total CVEs: 3
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2023-1671 | P1 | CRITICAL | CVSS 9.8 | CWE-77 | KEV | PoC | ≥ unspecified, < 4.3.10.4 | 2023-04-04
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
nvd
CVE-2022-4934 | P3 | HIGH | CVSS 7.2 | CWE-77 | ≥ unspecified, < 4.3.10.4 | 2023-04-04
A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.
nvd
CVE-2020-36692 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, < 4.3.10.4 | 2023-04-04
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA.
nvd