cpe:2.3:a:sophos:web_appliance:3.4.0:*:*:*:*:*:*:*

CVE-2023-1671

Known exploited
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
Max CVSS
9.8
EPSS Score
96.16%
Published
2023-04-04
Updated
2023-04-26
CISA KEV Added
2023-11-16
A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.
Max CVSS
7.2
EPSS Score
0.05%
Published
2023-04-04
Updated
2023-04-09
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-04-04
Updated
2023-04-09
The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342.
Max CVSS
6.1
EPSS Score
0.08%
Published
2017-06-09
Updated
2017-06-15
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
Max CVSS
8.1
EPSS Score
3.39%
Published
2017-03-30
Updated
2017-04-15
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.
Max CVSS
6.5
EPSS Score
0.16%
Published
2017-03-30
Updated
2017-04-04
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314.
Max CVSS
7.2
EPSS Score
0.29%
Published
2017-03-30
Updated
2017-04-04
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.
Max CVSS
9.8
EPSS Score
4.66%
Published
2017-03-30
Updated
2019-10-03

CVE-2013-4984

Public exploit
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
Max CVSS
7.2
EPSS Score
0.08%
Published
2013-09-10
Updated
2016-11-08
9 vulnerabilities found