Sophos Vulnerabilities

Timeline

Type

Product

Sophos Anti-Virus: 50
Sophos Web Appliance: 20
Sophos Firewall: 13
Sophos UTM: 8
Sophos SafeGuard Enterprise: 8

Countermeasures

Official Fix: 118
Temporary Fix: 0
Workaround: 2
Unavailable: 5
Not Defined: 35

Exploitability

High: 7
Functional: 0
Proof-of-Concept: 62
Unproven: 5
Not Defined: 86

Access Vector

Not Defined: 0
Physical: 1
Local: 32
Adjacent: 2
Network: 125

Authentication

Not Defined: 0
High: 13
Low: 48
None: 99

User Interaction

Not Defined: 0
Required: 26
None: 134

C3BM Index

| Score | CVSSv3 Base | CVSSv3 Temp | VulDB | NVD | CNA | Vendor | Research |
|---|---|---|---|---|---|---|---|
| ≤1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| ≤2 | 0 | 0 | 1 | 0 | 0 | 0 | 0 |
| ≤3 | 2 | 2 | 5 | 0 | 1 | 0 | 0 |
| ≤4 | 5 | 11 | 11 | 0 | 3 | 0 | 0 |
| ≤5 | 18 | 27 | 20 | 5 | 4 | 0 | 0 |
| ≤6 | 40 | 30 | 42 | 6 | 2 | 0 | 0 |
| ≤7 | 23 | 45 | 20 | 10 | 4 | 0 | 1 |
| ≤8 | 46 | 21 | 44 | 19 | 5 | 0 | 0 |
| ≤9 | 17 | 19 | 9 | 11 | 5 | 0 | 0 |
| ≤10 | 9 | 5 | 8 | 8 | 5 | 0 | 0 |

Exploit 0-day

<1k: 29
<2k: 45
<5k: 35
<10k: 12
<25k: 8
<50k: 30
<100k: 1
≥100k: 0

Exploit Today

<1k: 151
<2k: 4
<5k: 0
<10k: 4
<25k: 1
<50k: 0
<100k: 0
≥100k: 0

Exploit Market Volume

🔴 CTI Activities

Affected Products (58): Anti-Virus (50), Antivirus (1), Authenticator (1), Capsule8 Console (1), Central Endpoint (1), Cloud Optix (1), Connect (3), Connect Client (1), Control (1), Cyberoam CR500iNG-XP (1), Cyberoam Firewall (2), Cyberoam OS (1), Cyberoam UTM (1), Cyberoam UTM CR25iNG (1), Disk Encryption (1), EAS Proxy (1), ES4000 (1), Email Appliance (1), Endpoint Protection (3), Endpoint Security (1), Exploit Prevention (1), Firewall (13), HitmanPro (1), HitmanPro.Alert (4), Home (1), Home Endpoint (1), IPSec Client (1), Intercept X Advanced (1), Intercept X Advanced for Server (1), Intercept X Endpoint (2), Intercept X for Mobile (1), Intercept X for Server (1), Mobile (1), Mobile Managed On-Premises (1), PureMessage for Microsoft Exchange (3), PureMessage for UNIX (1), SFOS (2), SG UTM (2), SSL VPN Client (1), SafeGuard Easy (7), SafeGuard Enterprise (8), SafeGuard Enterprise Device Encryption (1), SafeGuard LAN Crypt (7), SafeGuard PrivateCrypto (1), Secure Email App (1), Secure Web Gateway. (1), Secure Web Gateway Server (1), Secure Workspace (1), SurfRight HitmanPro (3), Tester Tool (2), Threat Engine Detection (1), UTM (8), Unified Threat Management (1), Web Appliance (20), Web Appliance Remote (1), Web Protection Appliance (2), XG Firewall (7), iView (1)

Link to Vendor Website: https://www.sophos.com/

| Published | Base | Temp | Vulnerability | Prod | Exp | Con | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 30/11/2023 | 5.0 | 5.0 | Sophos Email Appliance cross site scripting | Unknown | Not Defined | Official Fix | 0.04 | 0.00046 | CVE-2021-36806 |
| 18/10/2023 | 6.0 | 6.0 | Sophos Firewall Secure PDF eXchange information disclosure | Firewall Software | Not Defined | Not Defined | 0.00 | 0.00087 | CVE-2023-5552 |
| 05/07/2023 | 4.8 | 4.8 | Sophos iView cross site scripting | Unknown | Not Defined | Not Defined | 0.00 | 0.00046 | CVE-2023-33335 |
| 30/06/2023 | 4.1 | 4.1 | Sophos Web Appliance Double Quote cross site scripting | Unknown | Not Defined | Not Defined | 0.05 | 0.00045 | CVE-2023-33336 |
| 04/04/2023 | 9.8 | 9.6 | Sophos Web Appliance Warn-proceed privilege escalation | Unknown | Not Defined | Official Fix | 0.03 | 0.96425 | CVE-2023-1671 |
| 04/04/2023 | 7.2 | 7.0 | Sophos Web Appliance Exception Wizard privilege escalation | Unknown | Not Defined | Official Fix | 0.00 | 0.00055 | CVE-2022-4934 |
| 04/04/2023 | 5.4 | 5.3 | Sophos Web Appliance Report Scheduler cross site scripting | Unknown | Not Defined | Official Fix | 0.00 | 0.00049 | CVE-2020-36692 |
| 01/03/2023 | 4.3 | 4.2 | Sophos Connect cross site request forgery | Unknown | Not Defined | Official Fix | 0.00 | 0.00046 | CVE-2022-48309 |
| 01/03/2023 | 4.3 | 4.3 | Sophos Connect Local UI cross site scripting | Unknown | Not Defined | Official Fix | 0.02 | 0.00050 | CVE-2022-4901 |
| 01/03/2023 | 4.4 | 4.3 | Sophos Connect Technical Support Archives information disclosure | Unknown | Not Defined | Official Fix | 0.00 | 0.00043 | CVE-2022-48310 |
| 02/12/2022 | 5.9 | 5.8 | Sophos Firewall Webadmin Import Group Wizard cross site scripting | Firewall Software | Not Defined | Official Fix | 0.04 | 0.00089 | CVE-2022-3709 |
| 02/12/2022 | 8.8 | 8.6 | Sophos Firewall Wifi Controller privilege escalation | Firewall Software | Not Defined | Official Fix | 0.02 | 0.00046 | CVE-2022-3713 |
| 02/12/2022 | 4.3 | 4.2 | Sophos Firewall User Portal sql injection | Firewall Software | Not Defined | Official Fix | 0.02 | 0.00053 | CVE-2022-3711 |
| 02/12/2022 | 7.2 | 7.0 | Sophos Firewall Webadmin privilege escalation | Firewall Software | Not Defined | Official Fix | 0.00 | 0.00105 | CVE-2022-3696 |
| 02/12/2022 | 7.2 | 7.0 | Sophos Firewall SSL VPN Configuration Upload privilege escalation | Firewall Software | Not Defined | Official Fix | 0.02 | 0.00118 | CVE-2022-3226 |
| 02/12/2022 | 2.7 | 2.6 | Sophos Firewall API Controller sql injection | Firewall Software | Not Defined | Official Fix | 0.00 | 0.00053 | CVE-2022-3710 |
| 16/11/2022 | 8.5 | 8.5 | Sophos Mobile Managed On-Premises XML privilege escalation | Unknown | Not Defined | Not Defined | 0.03 | 0.49036 | CVE-2022-3980 |
| 23/09/2022 | 8.5 | 8.5 | Sophos Firewall User Portal/Webadmin privilege escalation | Firewall Software | Not Defined | Not Defined | 0.02 | 0.11577 | CVE-2022-3236 |
| 08/09/2022 | 7.2 | 7.0 | Sophos Firewall Webadmin sql injection | Firewall Software | Not Defined | Official Fix | 0.03 | 0.00093 | CVE-2022-1807 |
| 06/05/2022 | 5.4 | 5.3 | Sophos Firewall Webadmin cross site scripting | Firewall Software | Not Defined | Official Fix | 0.00 | 0.00104 | CVE-2021-25268 |
| 06/05/2022 | 4.6 | 4.5 | Sophos Firewall Webadmin cross site scripting | Firewall Software | Not Defined | Official Fix | 0.00 | 0.00104 | CVE-2021-25267 |
| 28/04/2022 | 2.8 | 2.8 | Sophos Authenticator/Intercept X for Mobile TOTP Secret Key privilege escalation | Android App Software | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2021-25266 |
| 29/03/2022 | 5.3 | 5.3 | Sophos Firewall Webadmin information disclosure | Firewall Software | Not Defined | Not Defined | 0.00 | 0.00125 | CVE-2022-0331 |
| 25/03/2022 | 8.5 | 8.5 | Sophos Firewall User Portal/Webadmin weak authentication | Firewall Software | Not Defined | Not Defined | 0.02 | 0.97409 | CVE-2022-1040 |
| 22/03/2022 | 7.5 | 7.4 | Sophos UTM Mail Manager sql injection | Unknown | Not Defined | Official Fix | 0.04 | 0.00088 | CVE-2022-0386 |

135 more entries are not shown
