CVE-2017-6182 — CVSS 9.8 (critical): In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to…
CVE-2013-2642 — CVSS 9.3 (critical): Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip…
CVE-2014-2850 — CVSS 8.5 (high): The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute…
CVE-2014-2849 — CVSS 8.5 (high): The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin…
CVE-2016-9553 — CVSS 7.2 (high): The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative…
CVE-2016-9554 — CVSS 7.2 (high): The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in…
CVE-2013-4984 — CVSS 7.2 (high): The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local…
CVE-2017-6183 — CVSS 7.2 (high): In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active…
CVE-2022-4934 — CVSS 7.2 (high): A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows…
CVE-2020-36692 — CVSS 6.5 (medium): A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of…
CVE-2013-2641 — CVSS 5.0 (medium): Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files…
CVE-2023-33336 — CVSS 4.8 (medium): Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be…
CVE-2017-6184 — CVSS 4.7 (medium): In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to…
CVE-2013-2643 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web…