CVE-2017-6182

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.

Published : 2017-03-30 17:59 Updated : 2019-10-03 00:03

7.5
CVSS Score More info
Score 7.5 / 10
7.5
Vendor Product Version URI
Sophos Web Appliance 4.3.1.1 cpe:/a:sophos:web_appliance:4.3.1.1
  1. Sophos (1) Search CVE
    1. Web Appliance (1) Search CVE
      1. 4.3.1.1

CWE

ID Name Description Links
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. CVE

History of changes

Date Event
2019-10-03 00:03
2017-08-12 05:26
2017-03-30 17:59

New CVE