Vulnerabilities > Sophos > WEB Appliance > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-04-04 CVE-2023-1671 Command Injection vulnerability in Sophos web Appliance
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
network
low complexity
sophos CWE-77
critical
 9.8
9.8
2017-03-30 CVE-2017-6182 OS Command Injection vulnerability in Sophos web Appliance
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.
network
low complexity
sophos CWE-78
critical
 9.8
9.8