Vulnerabilities > Sophos > Connect > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-01 | CVE-2022-48309 | Cross-Site Request Forgery (CSRF) vulnerability in Sophos Connect A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90. | 4.3 |
| 2023-03-01 | CVE-2022-48310 | Cleartext Storage of Sensitive Information vulnerability in Sophos Connect An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90. | 5.5 |
| 2023-03-01 | CVE-2022-4901 | Cross-site Scripting vulnerability in Sophos Connect Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim. | 6.1 |