Vulnerabilities in Sophos
47 results

CVE-2023-1671 | CRITICAL | A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution | EPSS 100.0% | KEV
CVE-2022-1040 | CRITICAL | An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v | EPSS 99.8% | KEV
CVE-2022-3236 | CRITICAL | A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 | EPSS 98.9% | KEV
CVE-2024-13973 | MEDIUM | A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to adminis | EPSS 8.3%
CVE-2025-6704 | CRITICAL | An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) ca | EPSS 8.2%
CVE-2022-3980 | CRITICAL | An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed o | EPSS 8.1%
CVE-2025-7624 | CRITICAL | An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to r | EPSS 7.2%
CVE-2024-13974 | HIGH | A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers contro | EPSS 6.7%
CVE-2025-7382 | HIGH | A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achiev | EPSS 3.8%
CVE-2021-25265 | — | A malicious website could execute code remotely in Sophos Connect Client before version 2.1. | EPSS 1.8%
CVE-2022-4934 | HIGH | A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrator | EPSS 1.8%
CVE-2022-3226 | HIGH | An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than | EPSS 1.7%
CVE-2021-36807 | HIGH | An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. | EPSS 1.5%
CVE-2022-0331 | MEDIUM | An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Fir | EPSS 1.4%
CVE-2024-12727 | CRITICAL | A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows acces | EPSS 1.4%
CVE-2024-12729 | HIGH | A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older tha | EPSS 1.3%
CVE-2022-0386 | HIGH | A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM befor | EPSS 1.2%
CVE-2022-3696 | HIGH | A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. | EPSS 1.1%
CVE-2021-25267 | MEDIUM | Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 | EPSS 1.1%
CVE-2022-1807 | HIGH | Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18. | EPSS 1.0%