Vulnerabilities (CVE)

Vendor filter

Sophos Subscribe

Product filter

Web Appliance Subscribe

Filter

13 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-6182 1 Sophos 1 Web Appliance 2019-10-03 7.5
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.
CVE-2017-9523 1 Sophos 1 Web Appliance 2017-06-15 4.3
The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342.
CVE-2017-6412 1 Sophos 1 Web Appliance 2017-04-15 6.8
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
CVE-2017-6184 1 Sophos 1 Web Appliance 2017-04-04 6.5
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.
CVE-2017-6183 1 Sophos 1 Web Appliance 2017-04-04 6.5
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314.
CVE-2016-9554 1 Sophos 1 Web Appliance 2017-03-13 9.0
The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur in MgrDiagnosticTools.php...
CVE-2016-9553 1 Sophos 1 Web Appliance 2017-03-08 9.0
The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component...
CVE-2013-4984 1 Sophos 1 Web Appliance 2016-11-08 7.2
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
CVE-2014-2850 1 Sophos 2 Web Appliance Firmware, Web Appliance 2014-04-14 8.5
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
CVE-2014-2849 1 Sophos 2 Web Appliance Firmware, Web Appliance 2014-04-14 8.5
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
CVE-2013-2643 1 Sophos 2 Web Appliance Firmware, Web Appliance 2014-03-19 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to...
CVE-2013-2642 1 Sophos 2 Web Appliance Firmware, Web Appliance 2014-03-19 9.3
Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote...
CVE-2013-2641 1 Sophos 2 Web Appliance Firmware, Web Appliance 2014-03-19 5.0
Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.