Vulnerabilities > Sophos > XG Firewall Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-01 | CVE-2022-3711 | SQL Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0 A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA. | 4.3 |
| 2020-08-07 | CVE-2020-17352 | OS Command Injection vulnerability in Sophos XG Firewall Firmware 17.5/18.0 Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. | 6.5 |