Sophos Web Appliance
By the Year
In 2024 there have been 0 vulnerabilities in Sophos Web Appliance . Last year Web Appliance had 4 security vulnerabilities published. Right now, Web Appliance is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 4 | 6.80 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Web Appliance vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Sophos Web Appliance Security Vulnerabilities
Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1
CVE-2023-33336
4.8 - Medium
- June 30, 2023
Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes.
XSS
A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4
CVE-2022-4934
7.2 - High
- April 04, 2023
A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.
Command Injection
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form
CVE-2020-36692
5.4 - Medium
- April 04, 2023
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA.
XSS
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4
CVE-2023-1671
9.8 - Critical
- April 04, 2023
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
Command Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Sophos Web Appliance or by Sophos? Click the Watch button to subscribe.