Vulnerabilities > Sophos > WEB Appliance > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-04 | CVE-2022-4934 | Command Injection vulnerability in Sophos web Appliance A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code. | 7.2 |
| 2017-03-30 | CVE-2017-6412 | Session Fixation vulnerability in Sophos web Appliance In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. | 8.1 |
| 2017-03-30 | CVE-2017-6183 | Command Injection vulnerability in Sophos web Appliance In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314. | 7.2 |
| 2017-01-28 | CVE-2016-9554 | Command Injection vulnerability in Sophos web Appliance 4.2.1.3 The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. | 7.2 |
| 2017-01-28 | CVE-2016-9553 | Command Injection vulnerability in Sophos web Appliance 4.2.1.3 The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. | 7.2 |