Vulnerabilities > Sophos > WEB Appliance > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-04 | CVE-2023-1671 | Command Injection vulnerability in Sophos web Appliance A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. | 9.8 |
| 2017-01-28 | CVE-2016-9553 | Command Injection vulnerability in Sophos web Appliance 4.2.1.3 The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. | 9.0 |
| 2017-01-28 | CVE-2016-9554 | Command Injection vulnerability in Sophos web Appliance 4.2.1.3 The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. | 9.0 |
| 2014-03-18 | CVE-2013-2642 | OS Command Injection vulnerability in Sophos web Appliance and web Appliance Firmware Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality. | 9.3 |
| 2013-09-10 | CVE-2013-4983 | OS Command Injection vulnerability in Sophos web Appliance Firmware The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php. | 10.0 |