Sophos Connect
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Sophos Connect.
By the Year
In 2026 there have been 0 vulnerabilities in Sophos Connect. Connect did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 3 | 5.30 |
It may take a day or so for new Connect vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Sophos Connect Security Vulnerabilities
Info Disclosure in Sophos Connect <2.2.90: Key Material in Support Archives
CVE-2022-48310
5.5 - Medium
- March 01, 2023
An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90.
Cleartext Storage of Sensitive Information
CSRF in Sophos Connect prior 2.2.90 enables log & support archive download
CVE-2022-48309
4.3 - Medium
- March 01, 2023
A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90.
Session Riding
XSS in Sophos Connect 2.2.90+ to run JS via VPN config
CVE-2022-4901
6.1 - Medium
- March 01, 2023
Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Sophos Connect or by Sophos? Click the Watch button to subscribe.
