Sophos Connect
By the Year
In 2024 there have been 0 vulnerabilities in Sophos Connect . Last year Connect had 3 security vulnerabilities published. Right now, Connect is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 3 | 5.30 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Connect vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Sophos Connect Security Vulnerabilities
An information disclosure vulnerability
CVE-2022-48310
5.5 - Medium
- March 01, 2023
An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90.
Cleartext Storage of Sensitive Information
A CSRF vulnerability
CVE-2022-48309
4.3 - Medium
- March 01, 2023
A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90.
Session Riding
Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration
CVE-2022-4901
6.1 - Medium
- March 01, 2023
Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Sophos Connect or by Sophos? Click the Watch button to subscribe.
