Vulnerabilities > Sophos > Unified Threat Management > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-22 CVE-2022-0386 SQL Injection vulnerability in Sophos Unified Threat Management
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.
network
low complexity
sophos CWE-89
6.5
2012-07-09 CVE-2012-3238 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.
network
astaro sophos CWE-79
4.3