Sophos Unified Threat Management — known CVE vulnerabilities
Every CVE whose affected-product data names Sophos Unified Threat Management, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2022-0386 — CVSS 8.8 (high): A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM…
CVE-2014-2537 — CVSS 7.8 (high): Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory…
CVE-2021-25273 — CVSS 4.8 (medium): Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.
CVE-2012-3238 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote…
CVE-2022-0652 — CVSS 3.3 (low): Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local…