Vulnerabilities > Sophos > WEB Appliance > High

DATE CVE VULNERABILITY TITLE RISK
2017-03-30 CVE-2017-6182 OS Command Injection vulnerability in Sophos web Appliance
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.
network
low complexity
sophos CWE-78
7.5
2014-04-11 CVE-2014-2850 OS Command Injection vulnerability in Sophos web Appliance and web Appliance Firmware
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
network
sophos CWE-78
8.5
2014-04-11 CVE-2014-2849 Permissions, Privileges, and Access Controls vulnerability in Sophos web Appliance and web Appliance Firmware
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
network
low complexity
sophos CWE-264
8.5
2013-09-10 CVE-2013-4984 Permissions, Privileges, and Access Controls vulnerability in Sophos web Appliance
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
local
low complexity
sophos CWE-264
7.2