Sophos Web Appliance Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Sophos Web Appliance Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2013-4983 — CVSS 10.0 (critical): The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers…
CVE-2013-2642 — CVSS 9.3 (critical): Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip…
CVE-2014-2849 — CVSS 8.5 (high): The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin…
CVE-2014-2850 — CVSS 8.5 (high): The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute…
CVE-2013-2641 — CVSS 5.0 (medium): Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files…
CVE-2013-2643 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web…