Skip to main content

Secure Web Gateway

6 CVEs product

Monthly

CVE-2024-6398 MEDIUM This Month

An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Secure Web Gateway
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-3378 MEDIUM POC THREAT This Month

A vulnerability has been found in iboss Secure Web Gateway up to 10.1 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Secure Web Gateway
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
22.0%
CVE-2023-4400 MEDIUM This Month

A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Secure Web Gateway
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-2310 CRITICAL Act Now

An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Secure Web Gateway
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-9363 HIGH This Week

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Sophos Authentication Bypass Cloud Optix Endpoint Protection Intercept X Endpoint +3
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2017-18001 CRITICAL POC THREAT Emergency

Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.8%.

Authentication Bypass Secure Web Gateway
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
20.8%
Threat
4.1
EPSS 0% CVSS 5.3
MEDIUM This Month

An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Secure Web Gateway
NVD
EPSS 22% CVSS 6.1
MEDIUM POC THREAT This Month

A vulnerability has been found in iboss Secure Web Gateway up to 10.1 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Secure Web Gateway
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Secure Web Gateway
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Secure Web Gateway
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Sophos Authentication Bypass Cloud Optix +5
NVD
EPSS 21% 4.1 CVSS 9.8
CRITICAL POC THREAT Emergency

Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.8%.

Authentication Bypass Secure Web Gateway
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy