Vulnerabilities > Sophos > Unified Threat Management Software > 9.405.5

DATE CVE VULNERABILITY TITLE RISK
2016-10-03 CVE-2016-7442 Information Exposure vulnerability in Sophos Unified Threat Management Software
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab.
local
low complexity
sophos CWE-200
4.4
2016-10-03 CVE-2016-7397 Information Exposure vulnerability in Sophos Unified Threat Management Software
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.
local
low complexity
sophos CWE-200
4.4