Vulnerabilities > Sophos > Unified Threat Management > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-22 | CVE-2022-0386 | SQL Injection vulnerability in Sophos Unified Threat Management A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. | 8.8 |
| 2022-03-22 | CVE-2022-0652 | Incorrect Permission Assignment for Critical Resource vulnerability in Sophos Unified Threat Management Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. | 7.8 |