Sophos Web_appliance
14 CVEs affecting Sophos Web_appliance. Latest disclosed: 2017-06-09. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-6182 | Critical | 9.8 | 2017-03-30 | In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injectio… |
| CVE-2017-6412 | High | 8.1 | 2017-03-30 | In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. |
| CVE-2017-6183 | High | 7.2 | 2017-03-30 | In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulner… |
| CVE-2016-9554 | High | 7.2 | 2017-01-28 | The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrati… |
| CVE-2016-9553 | High | 7.2 | 2017-01-28 | The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vuln… |
| CVE-2017-9523 | Medium | 6.1 | 2017-06-09 | The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342. |
| CVE-2017-6184 | Medium | 4.7 | 2017-03-30 | In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injectio… |
| CVE-2014-2850 | | | 2014-04-11 | The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via she… |
| CVE-2014-2849 | | | 2014-04-11 | The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a… |
| CVE-2013-2643 | | | 2014-03-18 | Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via th… |
| CVE-2013-2642 | | | 2014-03-18 | Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block… |
| CVE-2013-2641 | | | 2014-03-18 | Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter. |
| CVE-2013-4984 | | | 2013-09-10 | The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privilege… |
| CVE-2013-4983 | | | 2013-09-10 | The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary… |