Vulnerabilities > CVE-2016-6597 - 7PK - Security Features vulnerability in Sophos Mobile Control EAS Proxy

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sophos

CWE-254

NVD

Published: 2016-08-10

Updated: 2018-10-09

Summary

Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Sophos Sophos Mobile Control EAS Proxy *	1

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

Packetstorm

data source	https://packetstormsecurity.com/files/download/138210/sophosmobilecontrol-openproxy.txt
id	PACKETSTORM:138210
last seen	2016-12-05
published	2016-08-05
reporter	Tim Kretschmann
source	https://packetstormsecurity.com/files/138210/Sophos-Mobile-Control-3.5.0.3-Open-Reverse-Proxy.html
title	Sophos Mobile Control 3.5.0.3 Open Reverse Proxy

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Packetstorm

References