Vulnerabilities > Sophos
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-01 | CVE-2022-3226 | OS Command Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0 An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA. | 7.2 |
| 2022-12-01 | CVE-2022-3696 | Code Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0 A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. | 7.2 |
| 2022-12-01 | CVE-2022-3709 | Cross-site Scripting vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0 A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA. | 8.4 |
| 2022-12-01 | CVE-2022-3710 | SQL Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0 A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA. | 2.7 |
| 2022-12-01 | CVE-2022-3711 | SQL Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0 A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA. | 4.3 |
| 2022-12-01 | CVE-2022-3713 | Code Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0 A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. | 8.8 |
| 2022-11-16 | CVE-2022-3980 | XXE vulnerability in Sophos Mobile 5.0.0/9.7.3/9.7.4 An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. | 9.8 |
| 2022-09-23 | CVE-2022-3236 | Code Injection vulnerability in Sophos Firewall 19.0.1 A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. | 9.8 |
| 2022-09-07 | CVE-2022-1807 | SQL Injection vulnerability in Sophos Firewall 18.5/19.0 Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1. | 7.2 |
| 2022-05-05 | CVE-2021-25267 | Cross-site Scripting vulnerability in Sophos Firewall Firmware Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA. | 8.4 |