Vulnerabilities > Sophos > Unified Threat Management

DATE CVE VULNERABILITY TITLE RISK
2022-03-22 CVE-2022-0386 SQL Injection vulnerability in Sophos Unified Threat Management
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.
network
low complexity
sophos CWE-89
6.5
2022-03-22 CVE-2022-0652 Incorrect Permission Assignment for Critical Resource vulnerability in Sophos Unified Threat Management
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions.
local
low complexity
sophos CWE-732
7.8
2021-07-29 CVE-2021-25273 Cross-site Scripting vulnerability in Sophos Unified Threat Management
Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.
network
sophos CWE-79
3.5
2020-09-25 CVE-2020-25223 OS Command Injection vulnerability in Sophos Unified Threat Management
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
network
low complexity
sophos CWE-78
critical
9.8
2014-03-18 CVE-2014-2537 Resource Management Errors vulnerability in Sophos products
Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
network
low complexity
sophos CWE-399
7.8
2012-07-09 CVE-2012-3238 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.
network
astaro sophos CWE-79
4.3