Vulnerabilities > Sophos > Unified Threat Management Up2Date > 9.354

DATE CVE VULNERABILITY TITLE RISK
2021-11-26 CVE-2021-36807 SQL Injection vulnerability in Sophos Unified Threat Management Up2Date
An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8.
network
low complexity
sophos CWE-89
6.5
6.5