5 advisories tracked · Sophos (security-alert@sophos.com CNA) via NVD · checked automatically every minute
Pick your product and enter the exact software release it runs. We match it against the affected/fixed versions in Sophos's recent advisories.
Sophos (security-alert@sophos.com CNA) via NVD
Sophos is its own CVE Numbering Authority. VulniPulse ingests Sophos's CVEs from the NVD CNA feed (security-alert@sophos.com), each linking to its sophos.com advisory. Covers Sophos Firewall (XG/XGS, SFOS), Intercept X / Sophos Central endpoint, Sophos UTM, Sophos Mobile, Sophos Connect VPN and the Web/Email appliances — its firewalls are a repeated mass-exploitation target (the 'Pacific Rim' campaign), so an MSP-heavy, alert-hungry community.
Visit Sophos security advisoriesA post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution.
A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA.
A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA.
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA.
An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older.