CVE-2022-48310 — CVSS 5.5 (medium): An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect…
CVE-2022-48309 — CVSS 4.3 (medium): A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90.
CVE-2022-4901 — CVSS 3.3 (low): Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a…