Sophos Web Appliance

Do you want an email whenever new security vulnerabilities are reported in Sophos Web Appliance?

By the Year

In 2024 there have been 0 vulnerabilities in Sophos Web Appliance . Last year Web Appliance had 4 security vulnerabilities published. Right now, Web Appliance is on track to have less security vulnerabilities in 2024 than it did last year.

Year	Vulnerabilities	Average Score
2024	0	0.00
2023	4	6.80
2022	0	0.00
2021	0	0.00
2020	0	0.00
2019	0	0.00
2018	0	0.00

It may take a day or so for new Web Appliance vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Sophos Web Appliance Security Vulnerabilities

Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1

CVE-2023-33336 4.8 - Medium - June 30, 2023

Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes.

XSS

A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4

CVE-2022-4934 7.2 - High - April 04, 2023

A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.

Command Injection

A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form

CVE-2020-36692 5.4 - Medium - April 04, 2023

A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA.

XSS

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4

CVE-2023-1671 9.8 - Critical - April 04, 2023

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.

Command Injection

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Sophos Web Appliance or by Sophos? Click the Watch button to subscribe.

Sophos
Vendor

Sophos Web Appliance
Product

Sophos Web Appliance

By the Year

Recent Sophos Web Appliance Security Vulnerabilities

Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 CVE-2023-33336 4.8 - Medium - June 30, 2023

A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 CVE-2022-4934 7.2 - High - April 04, 2023

A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form CVE-2020-36692 5.4 - Medium - April 04, 2023

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 CVE-2023-1671 9.8 - Critical - April 04, 2023