Vulnerabilities > Sophos > Unified Threat Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-22 | CVE-2022-0386 | SQL Injection vulnerability in Sophos Unified Threat Management A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. | 8.8 |
| 2022-03-22 | CVE-2022-0652 | Incorrect Permission Assignment for Critical Resource vulnerability in Sophos Unified Threat Management Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. | 7.8 |
| 2021-07-29 | CVE-2021-25273 | Cross-site Scripting vulnerability in Sophos Unified Threat Management Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. | 4.8 |
| 2020-09-25 | CVE-2020-25223 | OS Command Injection vulnerability in Sophos Unified Threat Management A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 | 9.8 |