Known Vulnerabilities for products from Sophos
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Sophos".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Additional device specifications by Sophos can be found at device.report: Sophos
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-0386 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-03-22 | 2022-03-28 |
| CVE-2022-0331 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.3 - MEDIUM | 2022-03-29 | 2023-08-08 |
| CVE-2021-36809 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6 - MEDIUM | 2022-03-08 | 2022-07-12 |
| CVE-2021-36808 | A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9... | 7 - HIGH | 2021-10-30 | 2021-11-29 |
| CVE-2021-36807 | An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.... | 8.8 - HIGH | 2021-11-26 | 2021-11-30 |
| CVE-2021-36806 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2023-11-30 | 2023-12-05 |
| CVE-2021-25273 | Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. | 4.8 - MEDIUM | 2021-07-29 | 2021-12-16 |
| CVE-2021-25271 | A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318. | 6 - MEDIUM | 2021-10-08 | 2022-05-03 |
| CVE-2021-25270 | A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901. | 6.7 - MEDIUM | 2021-10-08 | 2022-05-03 |
| CVE-2021-25269 | A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path v... | 4.4 - MEDIUM | 2021-11-26 | 2021-12-03 |
| CVE-2021-25268 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.4 - HIGH | 2022-05-05 | 2022-05-13 |
| CVE-2021-25267 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.4 - HIGH | 2022-05-05 | 2022-05-13 |
| CVE-2021-25266 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 3.9 - LOW | 2022-04-27 | 2022-05-06 |
| CVE-2021-25265 | A malicious website could execute code remotely in Sophos Connect Client before version 2.1. | 8.8 - HIGH | 2021-03-22 | 2021-03-24 |
| CVE-2021-25264 | In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator ... | 6.7 - MEDIUM | 2021-05-17 | 2022-07-12 |
| CVE-2020-29574 | An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute ... | 9.8 - CRITICAL | 2020-12-11 | 2020-12-14 |
| CVE-2020-25223 | A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 | 9.8 - CRITICAL | 2020-09-25 | 2023-10-17 |
| CVE-2020-17352 | Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an aut... | 8.8 - HIGH | 2020-08-07 | 2020-08-12 |
| CVE-2020-15504 | A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allo... | 9.8 - CRITICAL | 2020-07-10 | 2020-07-14 |
| CVE-2020-15069 | Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks featur... | 9.8 - CRITICAL | 2020-06-29 | 2020-07-16 |
Known software with vulnerabilities from Sophos
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Sophos | Anti-virus | 9.5.1 |
| Operating System | Sophos | Cyberoamos | 10.6.1 |
| Application | Sophos | Disk Encryption | 5.50.0 |
| Application | Sophos | Endpoint Protection | 10.7 |
| Application | Sophos | Enterprise Console | 5.1 |
| Application | Sophos | Hitmanpro | 3.7 |
| Application | Sophos | Hitmanpro.alert | 3.7.6.744 |
| Application | Sophos | Invincea Dell Protected Workspace | 5.1.1-22303 |
| Application | Sophos | Invincea-x | 6.1.3-24058 |
| Application | Sophos | Puremessage | 6.3.2 |
| Application | Sophos | Safeguard Easy Device Encryption Client | 5.50.0 |
| Application | Sophos | Safeguard Enterprise Device Encryption | 5.6 |
| Operating System | Sophos | Sfos | 17.0 |
| Application | Sophos | Sophos Anti-virus | - |
| Application | Sophos | Sophos Secure Email | 3.9.4 |
| Application | Sophos | Sophos Tester | 3.2.0.7 |
| Hardware | Sophos | Unified Threat Management | 110 |
| Application | Sophos | Unified Threat Management Software | 8.3 |
| Application | Sophos | Unified Threat Management Up2date | 9.0 |
| Application | Sophos | United Threat Management | 9.500 |