Vulnerabilities > Sophos > WEB Appliance

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR / COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|
| 2023-06-30 | CVE-2023-33336 | Cross-site Scripting vulnerability in Sophos Web Appliance 4.3.9.1 | A reflected cross-site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows arbitrary code to be input via double quotes. | network, low complexity | sophos, CWE-79 | 4.8 |
| 2023-04-04 | CVE-2023-1671 | Command Injection vulnerability in Sophos Web Appliance | A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. | network, low complexity | sophos, CWE-77 | critical, 9.8 |
| 2017-06-09 | CVE-2017-9523 | Cross-site Scripting vulnerability in Sophos Web Appliance | The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342. | network | sophos, CWE-79 | 4.3 |
| 2017-03-30 | CVE-2017-6412 | Session Fixation vulnerability in Sophos Web Appliance | In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. | network | sophos, CWE-384 | 6.8 |
| 2017-03-30 | CVE-2017-6184 | Command Injection vulnerability in Sophos Web Appliance | In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303. | network, low complexity | sophos, CWE-77 | 6.5 |
| 2017-03-30 | CVE-2017-6183 | Command Injection vulnerability in Sophos Web Appliance | In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314. | network, low complexity | sophos, CWE-77 | 6.5 |
| 2017-03-30 | CVE-2017-6182 | OS Command Injection vulnerability in Sophos Web Appliance | In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. | network, low complexity | sophos, CWE-78 | 7.5 |
| 2017-01-28 | CVE-2016-9554 | Command Injection vulnerability in Sophos Web Appliance 4.2.1.3 | The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. | network, low complexity | sophos, CWE-77 | critical, 9.0 |
| 2017-01-28 | CVE-2016-9553 | Command Injection vulnerability in Sophos Web Appliance 4.2.1.3 | The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. | network, low complexity | sophos, CWE-77 | critical, 9.0 |
| 2014-04-11 | CVE-2014-2850 | OS Command Injection vulnerability in Sophos Web Appliance and Web Appliance Firmware | The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter. | network | sophos, CWE-78 | 8.5 |