Vulnerabilities > Sophos > Unified Threat Management > High

DATE CVE VULNERABILITY TITLE RISK
2022-03-22 CVE-2022-0386 SQL Injection vulnerability in Sophos Unified Threat Management
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.
network
low complexity
sophos CWE-89
8.8
2022-03-22 CVE-2022-0652 Incorrect Permission Assignment for Critical Resource vulnerability in Sophos Unified Threat Management
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions.
local
low complexity
sophos CWE-732
7.8