Vulnerabilities > Sophos > WEB Appliance > 4.2.1.3

DATE CVE VULNERABILITY TITLE RISK
2023-04-04 CVE-2023-1671 Command Injection vulnerability in Sophos web Appliance
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
network
low complexity
sophos CWE-77
critical
 9.8
9.8
2017-01-28 CVE-2016-9554 Command Injection vulnerability in Sophos web Appliance 4.2.1.3
The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface.
network
low complexity
sophos CWE-77
critical
 9.0
9.0
2017-01-28 CVE-2016-9553 Command Injection vulnerability in Sophos web Appliance 4.2.1.3
The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface.
network
low complexity
sophos CWE-77
critical
 9.0
9.0