Vulnerabilities > Sophos > Connect > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-01 CVE-2022-48309 Cross-Site Request Forgery (CSRF) vulnerability in Sophos Connect
A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90.
network
low complexity
sophos CWE-352
4.3
4.3
2023-03-01 CVE-2022-48310 Cleartext Storage of Sensitive Information vulnerability in Sophos Connect
An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90.
local
low complexity
sophos CWE-312
5.5
5.5
2023-03-01 CVE-2022-4901 Cross-site Scripting vulnerability in Sophos Connect
Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.
network
low complexity
sophos CWE-79
6.1
6.1
2021-03-22 CVE-2021-25265 Unspecified vulnerability in Sophos Connect
A malicious website could execute code remotely in Sophos Connect Client before version 2.1.
network
sophos
6.8
6.8