Skip to main content

Unified Threat Management

8 CVEs product

Monthly

CVE-2023-22897 MEDIUM POC This Month

An issue was discovered in SecurePoint UTM before 12.2.5.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Unified Threat Management
NVD GitHub
CVSS 3.1
6.5
EPSS
4.1%
CVE-2023-22620 HIGH POC This Week

An issue was discovered in SecurePoint UTM before 12.2.5.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Unified Threat Management
NVD GitHub
CVSS 3.1
7.5
EPSS
3.9%
CVE-2022-0652 HIGH This Week

Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Sophos Information Disclosure Unified Threat Management
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-0386 HIGH This Week

A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Unified Threat Management
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-25273 MEDIUM POC This Month

Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Sophos XSS Unified Threat Management
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2020-25223 CRITICAL POC KEV THREAT Emergency

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Sophos RCE Command Injection Unified Threat Management
NVD
CVSS 3.1
9.8
EPSS
96.7%
CVE-2014-2537 HIGH PATCH This Week

Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Sophos Denial Of Service Unified Threat Management Software Unified Threat Management
NVD VulDB
CVSS 2.0
7.8
EPSS
1.7%
CVE-2012-3238 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Security Gateway Software Security Gateway Unified Threat Management Software Unified Threat Management
NVD
CVSS 2.0
4.3
EPSS
0.5%
EPSS 4% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in SecurePoint UTM before 12.2.5.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Unified Threat Management
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC This Week

An issue was discovered in SecurePoint UTM before 12.2.5.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Unified Threat Management
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Sophos Information Disclosure Unified Threat Management
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Unified Threat Management
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Sophos XSS Unified Threat Management
NVD
EPSS 97% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Sophos RCE Command Injection +1
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Sophos Denial Of Service Unified Threat Management Software +1
NVD VulDB
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Security Gateway Software Security Gateway +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy