Sophos Endpoint Protection — known CVE vulnerabilities
Every CVE whose affected-product data names Sophos Endpoint Protection, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2018-9233 — CVSS 7.8 (high): Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xm…
CVE-2020-9363 — CVSS 7.8 (high): The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection…
CVE-2018-4863 — CVSS 5.5 (medium): Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYST…