Sophos » Web Appliance : Security Vulnerabilities, CVEs, CVSS score >= 7

CVE-2014-2850

Public exploit
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
Max CVSS
8.5
EPSS Score
18.81%
Published
2014-04-11
Updated
2014-04-14

CVE-2014-2849

Public exploit
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
Max CVSS
8.5
EPSS Score
17.80%
Published
2014-04-11
Updated
2014-04-14

CVE-2013-2642

Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality.
Max CVSS
9.3
EPSS Score
1.20%
Published
2014-03-18
Updated
2014-03-19
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close