The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.
References
Configurations
History
21 Nov 2024, 02:57
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/archive/1/539518/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/93266 - | |
References | () http://www.securitytracker.com/id/1036931 - |
Information
Published : 2016-10-03 16:09
Updated : 2024-11-21 02:57
NVD link : CVE-2016-7397
Mitre link : CVE-2016-7397
CVE.ORG link : CVE-2016-7397
JSON object : View
Products Affected
sophos
- unified_threat_management_software
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor