Vulnerabilities > Sophos > Unified Threat Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-22 | CVE-2022-0386 | SQL Injection vulnerability in Sophos Unified Threat Management A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. | 6.5 |
| 2022-03-22 | CVE-2022-0652 | Incorrect Permission Assignment for Critical Resource vulnerability in Sophos Unified Threat Management Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. | 7.8 |
| 2021-07-29 | CVE-2021-25273 | Cross-site Scripting vulnerability in Sophos Unified Threat Management Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. | 3.5 |
| 2020-09-25 | CVE-2020-25223 | OS Command Injection vulnerability in Sophos Unified Threat Management A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 | 9.8 |
| 2014-03-18 | CVE-2014-2537 | Resource Management Errors vulnerability in Sophos products Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | 7.8 |
| 2012-07-09 | CVE-2012-3238 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field. | 4.3 |